[ClusterLabs] IPaddr2 RA and multicast mac

Andrei Borzenkov arvidjaar at gmail.com
Wed Sep 4 00:32:04 EDT 2019 

04.09.2019 1:27, Tomer Azran пишет:
> Hello,
> 
> When using IPaddr2 RA in order to set a cloned IP address resource:
> 
> pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 cidr_netmask=24 flush_routes=true op monitor interval=30s
> pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true
> 
> Then the cluster set the iptables CLUSTERIP module, and the result is something like that:
> 
> # iptables -L -n
> .
> .
> .
> CLUSTERIP  all  --  0.0.0.0/0            10.0.0.100         CLUSTERIP hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 local_node=1 hash_init=0
> .
> .
> .
> 
> The problem is that the RA picks a clustermac address which is not on the multicast range (must start with 01:00:5E)

You are mistaken. 01:00:5E range is reserved for multicast IPv4
addresses (224.0.0.0/4). In your example you use address 10.0.0.100
which is clearly not multicast so using MAC in this range would be
misleading.

> If not working with a multicast address, the traffic is being treated as broadcast which is bad.
> 

Well, by definition switch floods Ethernet frames with multicast bit set
to every station. Switches may limit this based on some protocol
snooping or similar; in particular, switches may learn IPv4 multicast
MACs on ingress frames and build corresponding forwarding table. But
this is switch-dependent.

Out of curiosity, what switch do you use?

> I found that you can set a multicast mac if you use the "mac" parameter, which solves the issue.
> 

What exactly "solves" means in this case?

> Can the RA default be changed to use multicast range?

No, see above.

> In addition, I think that you might need to update the documentation (https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html) and instruct users to use the mac parameter when creating the resource. In addition, I think that the documentation should instruct the user to enable multicast traffic on the network, which is not enabled by default.

What exactly do you mean here? It sounds like you talk about IPv4
multicast, but you do not use it your example either, so why would you
want enable it? And what exactly "enable multicast" means?

More information about the Users mailing list