-
-
Notifications
You must be signed in to change notification settings - Fork 737
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keepalived cannot handle multiple incoming/outgoing interfaces and unicast #1569
Comments
@vincentbernat I have nearly completed the work on this, but it would be very helpful if you could test what I have done so far. The only outstanding functionality at the moment, so far as I am aware, is properly handling the unicast src address being deleted from or added to interfaces and appropriately leaving or going to fault state. I do need to further check the changes for SNMP, DBus and JSON for not having an interface specified for the VRRP instance; I suspect just using an ifindex of 0 is not the right thing to do. If you do have an opportunity to look at the SNMP changes and comment on those, it would be very helpful. I have implemented what you suggested of not specifying an interface when you want to use kernel routing for sending adverts, so for your scenario you must not specify The attached patch applies to commit 1344729 - it isn't yet updated for the transition to list_head |
Oh, I didn't thought you would have made the change! In the meantime, I am just using VXLAN with unicast flooding to workaround the issue. I'll test your patch and look at the SNMP part during this week-end. |
Once I understood what the issue was I realised that it was quite pertinant; I just didn't realise how big an impact it would have no longer having an interface for a vrrp instance. While implementing this change, it occurred to me that using ifindex as part of an OID may be dubious (this applies to the RFC MIBs as well). If an interface is deleted (e.g. a hot-swap interface card or USB device is removed) and then recreated, the ifindex of that interface will change oven though the interface name doesn't change. My question is: is it right that the OID should change, or should the OID remain the same? |
Most vendors, ensure the ifindex does not change for an interface by keeping some persistence file. This is the default for Juniper and this has to be enabled on Cisco IOS (and I think this is the default on more modern versions). Net-SNMP doesn't have this feature so people should be used for the OID to change when the index change. This happens for IF-MIB as well. I am not using SNMP a lot with Linux servers anymore, but I don't remember this was an issue in the past with the tools I have been using. |
Your patch works for me. As for Net-SNMP, I am currently unable to compile Keepalived with SNMP support due to |
Commit 557dfbe adds the ability to omit the interface for unicast peers. This does not yet handle going to FAULT state if the unicast_src_ip is deleted from the system while keepalived is running, or leaving FAULT state if the unicast_src_ip is added. At the moment if the unicast_src_ip does not exist when keepalived starts, the vrrp instance will go to FAULT state and never leave it. |
@pqarmitage is there are resolution to this issue? |
As a workaround, you can use VXLAN to emulate a L2 segment between the keepalived peers. |
Describe the bug
When using
unicast_peer
, I would expect Keepalived to use system routes to contact the peer. However, Keepalived only sends and receives using the main interface. Therefore, if the peer is not reachable through this interface or if the remote peer sends VRRP announces through another interface, Keepalived gets confused.To Reproduce
On host 1:
On host 2:
It is assumed there is a router in the middle routing the four subnets appropriately.
Configuration for host 1:
Configuration for host 2:
Expected behavior
I would expect to not have to specify
interface eth0
since it is not needed with unicast (though I understand why Keepalived actually needs it since it is using raw sockets for both sending and receiving).Keepalived version
Distro
System Log entries
In my case, both host 1 and host 2 are entering MASTER state because they don't see each other advertisement because they happen to flow on the second interface (
eth1
).Here is what I get from
eth0
on host 1:And on
eth1
:First is the advertisement from host 2, second is the answer from host 1 because no VRRP handler is registered on
eth1
and the second is the same answer from host 2.The text was updated successfully, but these errors were encountered: