* Re: Re: [LARTC] VRRPD (rfc2338)
From: Dmitry Golubev @ 2002-12-12 14:44 UTC (permalink / raw)
To: lartc
Hello,
But as far as I know, there are no VRRP implementations that fully comply
with rfc2338, as it requires multiple MAC addresses for the one poor linux
box's interface. Maybe someone can suggest a working solution to this
problem?
I have seen one idea, but haven't tested it yet (hope someone can try it out):
To bridge the physical iface with the TAP on which the vrrpd (or keepalived) is
running. In that case we could make a VRRP router that fully complies with the RFC.
For more info see: http://www.math.leidenuniv.nl/pipermail/bridge/2002-June/002021.html
BR, Dmitry
==== At 2002-12-11, 03:56:00 you wrote: ===
>The daemon at http://www.keepalived.org/ is the VRRPd implementation
>that's supposed to be the best. It's actually part of the Linux Virtual
>Server project (layer 4 load balancer), but the author claims you should
>be able to use it as a pure VRRP daemon -- although when I've read the
>doc, I couldn't figure out how. (But don't be discouraged by my
>impatience. :) It's supposed to be the most mature and ready-for-production.
>
>There's also Jerome Etienne's reference implementation (don't have a
>URL, but it's easy to Google). However, I've heard from more than one place
>that this is too proof-of-concept and perhaps not production-worthy.
>Here's a link to a paper about running VRRPd as the hotspare protocol
>for linux firewalls (uses Jerome Etienne's implementation):
>http://www.gnusec.com/resource/security/docs/HAFirewallLinux-VRRP.pdf.
>
>BTW, keep in mind that if you intend to use VRRP in an environment with
>Cisco routers, you'll need to do some work on them too. Cisco routers do
>not accept multicast MAC addresses as legit ARP replies by default.
>Unfortunately, the VRRP RFC and all implementations use multicast MACs.
>What that means is that you'll need to either 1) turn the switch on the
>Cisco routers that makes them accept multicast MAC ARP replies (good),
>or 2) put a static ARP entry in the Cisco routers for the VRRP multicast
>MACs (better).
>
>Hope that helps.
>
>-S
>
>
>Anton Tinchev wrote:
>
>>Can someone point me to a good VRRPD (rfc2338) implementation on linux?
>>Some stable and live project.
>>Thanks
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>
>>
>
* Re: Re: [LARTC] VRRPD (rfc2338)
From: Dmitry Golubev @ 2002-12-13 18:35 UTC (permalink / raw)
To: lartc
Hello,
And then bridge these interfaces together? I do not want to use any kind of
switch simply to make the card respond for multiple MAC addrs. Moreover,
I have seen VLAN problems with some eth cards that cannot work with
1504 byte packets.
Anyway, Alexandre claims the VLAN solution is hacky. Do you use it in production?
BR, Dmitry
==== At 2002-12-12, 15:05:00 you wrote: ===
>Dmitry Golubev wrote:
>
>>But as far as I know, there are no VRRP implementations that fully comply
>>with rfc2338, as it requires multiple MAC addresses for the one poor linux
>>box's interface. Maybe someone can suggest a working solution to this
>>problem?
>>
>Yes, there is a way -- the VLAN code in the linux kernel supports
>setting the MAC address of virtual interfaces (eth0.5, for instance).
>AFAIC, this is much superior (in concept) to multicast MACs, given the
>Cisco problem.
>
>>
>>I have seen one idea, but haven't tested it yet (hope someone can try it out):
>>
>>To bridge the physical iface with the TAP on which the vrrpd (or keepalived) is
>>running. In that case we could make a VRRP router that fully complies with the RFC.
>>
>>For more info see: http://www.math.leidenuniv.nl/pipermail/bridge/2002-June/002021.html
>>
>>BR, Dmitry
>>
>>==== At 2002-12-11, 03:56:00 you wrote: ===
>>
>>
>>>The daemon at http://www.keepalived.org/ is the VRRPd implementation
>>>that's supposed to be the best. It's actually part of the Linux Virtual
>>>Server project (layer 4 load balancer), but the author claims you should
>>>be able to use it as a pure VRRP daemon -- although when I've read the
>>>doc, I couldn't figure out how. (But don't be discouraged by my
>>>impatience. :) It's supposed to be the most mature and ready-for-production.
>>>
>>>There's also Jerome Etienne's reference implementation (don't have a
>>>URL, but it's easy to Google). However, I've heard from more than one place
>>>that this is too proof-of-concept and perhaps not production-worthy.
>>>Here's a link to a paper about running VRRPd as the hotspare protocol
>>>for linux firewalls (uses Jerome Etienne's implementation):
>>>http://www.gnusec.com/resource/security/docs/HAFirewallLinux-VRRP.pdf.
>>>
>>>BTW, keep in mind that if you intend to use VRRP in an environment with
>>>Cisco routers, you'll need to do some work on them too. Cisco routers do
>>>not accept multicast MAC addresses as legit ARP replies by default.
>>>Unfortunately, the VRRP RFC and all implementations use multicast MACs.
>>>What that means is that you'll need to either 1) turn the switch on the
>>>Cisco routers that makes them accept multicast MAC ARP replies (good),
>>>or 2) put a static ARP entry in the Cisco routers for the VRRP multicast
>>>MACs (better).
>>>
>>>Hope that helps.
>>>
>>>-S
>>>
>>>
>>>Anton Tinchev wrote:
>>>
>>>
>>>
>>>>Can someone point me to a good VRRPD (rfc2338) implementation on linux?
>>>>Some stable and live project.
>>>>Thanks