Archives pour la catégorie ‘CARP’

FreeBSD : gestion des interfaces CARP

Lister les interfaces CARP du groupe principal carp :

# ifconfig -g carp

Assigner une interface CARP au groupe carp :

# ifconfig carp4 group carp

Supprimer une interface CARP du groupe carp :

# ifconfig carp4 -group carp

FreeBSD : patch pour la gestion des alias IPv6 sur interface CARP

Le driver CARP de FreeBSD 8.x contient un bug au niveau de la gestion IPv6. Au lieu d’ajouter chaque adresse IPv6 de l’interface CARP au groupe multicast ff02::1, le driver n’ajoute que la première adresse. Ainsi la prise en compte des alias n’est pas effective et la découverte du voisinage IPv6 n’aboutit pas :

ipv6_ifconfig_carp0="2001:1610:4::102 prefixlen 64"
ipv6_ifconfig_carp0_alias0="2001:1610:4::113 prefixlen 64"
0.000000 fe80::223:4ff:fe17:f840 -> ff02::1:ff00:113 ICMPv6 86 Neighbor Solicitation
0.999052 fe80::223:4ff:fe17:f840 -> ff02::1:ff00:113 ICMPv6 86 Neighbor Solicitation
1.999103 fe80::223:4ff:fe17:f840 -> ff02::1:ff00:113 ICMPv6 86 Neighbor Solicitation
3.000220 fe80::223:4ff:fe17:f840 -> ff02::1:ff00:113 ICMPv6 86 Neighbor Solicitation

Pour corriger ce bug, Paul Herman propose un patch à appliquer aux sources de FreeBSD :

# cd /usr/src
# zcat /path/to/carp_ip6_alias.patch.gz | patch
--- sys/netinet6/in6.c.orig    2011-08-19 07:08:30.000000000 +0000
+++ sys/netinet6/in6.c    2011-08-19 07:09:53.000000000 +0000
@@ -1743,7 +1743,7 @@

ia->ia_addr = *sin6;

-    if (ifacount <= 1 && ifp->if_ioctl) {
+    if ((ifacount <= 1 || ifp->if_type == IFT_CARP) && ifp->if_ioctl) {
error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia);
if (error) {
splx(s);
--- sys/netinet/ip_carp.c.orig    2011-08-19 07:52:56.000000000 +0000
+++ sys/netinet/ip_carp.c    2011-08-19 07:15:03.000000000 +0000
@@ -1670,9 +1670,11 @@
struct carp_if *cif;
struct in6_ifaddr *ia, *ia_if;
struct ip6_moptions *im6o = &sc->sc_im6o;
+    struct in6_multi *in6m;
struct in6_addr in6;
int own, error;

+
error = 0;

if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
@@ -1729,8 +1731,6 @@
}

if (!sc->sc_naddrs6) {
-        struct in6_multi *in6m;
-
im6o->im6o_multicast_ifp = ifp;

/* join CARP multicast address */
@@ -1745,24 +1745,24 @@
goto cleanup;
im6o->im6o_membership[0] = in6m;
im6o->im6o_num_memberships++;
-
-        /* join solicited multicast address */
-        bzero(&in6, sizeof(in6));
-        in6.s6_addr16[0] = htons(0xff02);
-        in6.s6_addr32[1] = 0;
-        in6.s6_addr32[2] = htonl(1);
-        in6.s6_addr32[3] = sin6->sin6_addr.s6_addr32[3];
-        in6.s6_addr8[12] = 0xff;
-        if (in6_setscope(&in6, ifp, NULL) != 0)
-            goto cleanup;
-        in6m = NULL;
-        error = in6_mc_join(ifp, &in6, NULL, &in6m, 0);
-        if (error)
-            goto cleanup;
-        im6o->im6o_membership[1] = in6m;
-        im6o->im6o_num_memberships++;
}

+    /* join solicited multicast address */
+    bzero(&in6, sizeof(in6));
+    in6.s6_addr16[0] = htons(0xff02);
+    in6.s6_addr32[1] = 0;
+    in6.s6_addr32[2] = htonl(1);
+    in6.s6_addr32[3] = sin6->sin6_addr.s6_addr32[3];
+    in6.s6_addr8[12] = 0xff;
+    if (in6_setscope(&in6, ifp, NULL) != 0)
+        goto cleanup;
+    in6m = NULL;
+    error = in6_mc_join(ifp, &in6, NULL, &in6m, 0);
+    if (error)
+        goto cleanup;
+    im6o->im6o_membership[1] = in6m;
+    im6o->im6o_num_memberships++;
+
if (!ifp->if_carp) {
cif = malloc(sizeof(*cif), M_CARP,
M_WAITOK|M_ZERO);

Une fois le noyau de l’hôte patché, le test par ping externe est concluant.

Patch : [Téléchargement introuvable]

FreeBSD : IPv6 avec CARP et VLAN

node1# more /etc/rc.conf
[...]
ipv6_enable="YES"
ipv6_gateway_enable="YES"
ipv6_network_interfaces="lo0 igb0 em0 vlan1 vlan101 vlan102 carp0 carp1 carp2"
ipv6_defaultrouter="::1"

ipv6_ifconfig_igb0="fdcb:9921:3552:afd6::2 prefixlen 64"
ipv6_ifconfig_em0="fdcb:9921:3552:afff::2 prefixlen 64"
ipv6_ifconfig_vlan1="fdcb:9921:3552:afd7::2 prefixlen 64"
ipv6_ifconfig_vlan101="fdcb:9921:3552:afd8::2 prefixlen 64"
ipv6_ifconfig_vlan102="fdcb:9921:3552:afd9::2 prefixlen 64"
ipv6_ifconfig_carp0="fdcb:9921:3552:afd6::1 prefixlen 64"
ipv6_ifconfig_carp1="fdcb:9921:3552:afd8::1 prefixlen 64"
ipv6_ifconfig_carp2="fdcb:9921:3552:afd9::1 prefixlen 64"
[...]
pf_enable="YES"
pf_flags=""
pf_rules="/etc/fw.conf"
pfsync_enable="YES"
pfsync_syncdev="em0"
[...]

Pour la configuration IPv4, c’est par ici.

FreeBSD : redondance réseau CARP et VLAN

Serveur primaire

node1# more /etc/rc.conf
gateway_enable="YES"

network_interfaces="lo0 igb0 igb1 em0"
ifconfig_igb0="up"
ifconfig_igb1="inet 172.16.2.251 netmask 255.255.255.0"
ifconfig_em0="192.168.254.251 netmask 255.255.255.0"
defaultrouter="172.16.2.254"

cloned_interfaces="vlan1 vlan101 vlan102 carp0 carp1 carp2 carp3"
ifconfig_vlan1="inet 192.168.0.251 netmask 255.255.255.0 vlan 1 vlandev igb0"
ifconfig_vlan101="inet 192.168.1.251 netmask 255.255.255.0 vlan 101 vlandev igb0"
ifconfig_vlan102="inet 192.168.2.251 netmask 255.255.255.0 vlan 102 vlandev igb0"
ifconfig_carp0="vhid 1 pass my$ecret 192.168.0.254 netmask 255.255.255.0 advbase 1 advskew 0"
ifconfig_carp1="vhid 2 pass my$ecret 192.168.1.254 netmask 255.255.255.0 advbase 1 advskew 0"
ifconfig_carp2="vhid 3 pass my$ecret 192.168.2.254 netmask 255.255.255.0 advbase 1 advskew 0"
ifconfig_carp3="vhid 4 pass my$ecret 172.16.2.253 netmask 255.255.255.0 advbase 1 advskew 0"

pf_enable="YES"
pf_flags=""
pf_rules="/etc/fw.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pfsync_enable="YES"
pfsync_syncdev="em0"
pfsync_syncpeer="192.168.254.252"
node1# echo net.inet.carp.preempt=1 > /etc/sysctl.conf
node1# sysctl net.inet.carp.preempt=1
node1# ee pf.conf
pass quick on em0 inet proto pfsync from any to any
pass quick on { vlan1 vlan101 vlan102 igb1 } inet proto carp from any to any

Serveur secondaire

node2# more /etc/rc.conf
gateway_enable="YES"

network_interfaces="lo0 igb0 igb1 em0"
ifconfig_igb0="up"
ifconfig_igb1="inet 172.16.2.252 netmask 255.255.255.0"
ifconfig_em0="192.168.254.252 netmask 255.255.255.0"
defaultrouter="172.16.2.254"

cloned_interfaces="vlan1 vlan101 vlan102 carp0 carp1 carp2 carp3"
ifconfig_vlan1="inet 192.168.0.252 netmask 255.255.255.0 vlan 1 vlandev igb0"
ifconfig_vlan101="inet 192.168.1.252 netmask 255.255.255.0 vlan 101 vlandev igb0"
ifconfig_vlan102="inet 192.168.2.252 netmask 255.255.255.0 vlan 102 vlandev igb0"
ifconfig_carp0="vhid 1 pass my$ecret 192.168.0.254 netmask 255.255.255.0 advbase 1 advskew 100"
ifconfig_carp1="vhid 2 pass my$ecret 192.168.1.254 netmask 255.255.255.0 advbase 1 advskew 100"
ifconfig_carp2="vhid 3 pass my$ecret 192.168.2.254 netmask 255.255.255.0 advbase 1 advskew 100"
ifconfig_carp3="vhid 4 pass my$ecret 172.16.2.253 netmask 255.255.255.0 advbase 1 advskew 100"

pf_enable="YES"
pf_flags=""
pf_rules="/etc/fw.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pfsync_enable="YES"
pfsync_syncdev="em0"
pfsync_syncpeer="192.168.254.251"
node2# echo net.inet.carp.preempt=1 > /etc/sysctl.conf
node2# sysctl net.inet.carp.preempt=1
node2# ee pf.conf
pass quick on em0 inet proto pfsync from any to any
pass quick on { vlan1 vlan101 vlan102 igb1 } inet proto carp from any to any
Haut de page