[ClusterLabs] IPaddr2 RA and multicast mac
Michael Schwartzkopff
ms at sys4.de
Wed Sep 4 04:16:39 EDT 2019
Am 04.09.19 um 00:27 schrieb Tomer Azran:
> Hello,
>
> When using IPaddr2 RA in order to set a cloned IP address resource:
>
> pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 cidr_netmask=24 flush_routes=true op monitor interval=30s
> pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true
>
> Then the cluster set the iptables CLUSTERIP module, and the result is something like that:
>
> # iptables -L -n
> .
> .
> .
> CLUSTERIP all -- 0.0.0.0/0 10.0.0.100 CLUSTERIP hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 local_node=1 hash_init=0
> .
> .
> .
>
> The problem is that the RA picks a clustermac address which is not on the multicast range (must start with 01:00:5E)
> If not working with a multicast address, the traffic is being treated as broadcast which is bad.
>
> I found that you can set a multicast mac if you use the "mac" parameter, which solves the issue.
>
> Can the RA default be changed to use multicast range?
> In addition, I think that you might need to update the documentation (https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html) and instruct users to use the mac parameter when creating the resource. In addition, I think that the documentation should instruct the user to enable multicast traffic on the network, which is not enabled by default.
>
> Tomer Azran
> IDM & LINUX Professional Services
>
> tomer.azran at edp.co.il<mailto:tomer.azran at edp.co.il>
> m: +972-52-6389961
> t: +972-3-6438222
> f: +972-3-6438004
>
> [http://www.edp.co.il/logo1-small.png]<http://www.edp.co.il/>
> www.edp.co.il<http://www.edp.co.il/>
>
>
>
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
Hi,
im Layer2 frames the least important bit of the most important byte
decides if it is multicast / broadcast or unicat. A "0" tells the switch
it is unicast and a "1" indicates a multicast address.
Depending on the switch vendor, the switch does learn the mutlicast MAC
address for the interface where it sees such a packet comming in or not.
A IEEE document explicitly says that a router SHOULD NOT learn multicast
MAC addresses for unicast IP addresses. Cisco is the only vendor that
sticks to that standard. On Cisco devices you have to add the MAC
manually. All other vendors just learn the MAC address.
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20190904/de6eec05/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20190904/de6eec05/attachment-0001.sig>
More information about the Users
mailing list