[LARTC] Re: failover with conntrackd - Abhijit Menon-Sen

From: Abhijit Menon-Sen <ams@toroid.org>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: failover with conntrackd
Date: Tue, 23 Oct 2007 06:20:00 +0000	[thread overview]
Message-ID: <20071023060800.GA16481@toroid.org> (raw)

(Sorry for the delayed response. I've been on vacation. I'm quoting
extensively to provide context.)

At 2007-10-10 09:55:57 -0500, gtaylor@riverviewtech.net wrote:
>
> > Is anyone using conntrack-tools to implement gateway failover on a
> > network with windows clients? [...]

To recap: I have two gateway machines that share two virtual addresses
(one on eth0, connected to the internal network and the other on eth1,
connected to the outside world).

> Um, why are you not using the same MAC address for the gateway and
> having the systems decide who is actively using the MAC at any given
> time?

Mostly because neither ucarp nor keepalived seem to support changing the
MAC address... and besides, everything I read seems to suggest that just
gratuitous ARP should be sufficient.

> There is a very simple VRRP daemon (vrrpd) for Linux / Unix that will
> achieve this. To my knowledge it works by creating a new MAC address
> that is used for the VRRP router.

I did not realise that vrrpd supports it.

My problem with ucarp (which, like vrrpd, also uses a single daemon per
interface/shared IP) is that the pair of daemons on eth0 were not always
perfectly synchronised with the pair on eth1. As a result, failover time
was unpredictable. That's why I switched to keepalived, so as to manage
both interfaces with a single process.

But I'll try vrrpd anyway, thanks.

> The two or more VRRP routers will heart beat each other (I think by
> multicast (?)) 

Yes, through multicast; and if the primary goes down, the remaining
nodes elect a new primary.

I'll try it and report.

-- ams
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc