<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04.09.19 at 00:27, Tomer
Azran wrote:<br>
</div>
<blockquote type="cite"
cite="mid:507b838cf24f4e2283bd0d5cb6054a3a@edp.co.il">
<pre class="moz-quote-pre" wrap="">Hello,
When using IPaddr2 RA in order to set a cloned IP address resource:
pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 cidr_netmask=24 flush_routes=true op monitor interval=30s
pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true
Then the cluster sets the iptables CLUSTERIP module, and the result is something like this:
# iptables -L -n
.
.
.
CLUSTERIP all -- 0.0.0.0/0 10.0.0.100 CLUSTERIP hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 local_node=1 hash_init=0
.
.
.
The problem is that the RA picks a clustermac address which is not on the multicast range (must start with 01:00:5E)
If not working with a multicast address, the traffic is being treated as broadcast which is bad.
I found that you can set a multicast mac if you use the "mac" parameter, which solves the issue.
Can the RA default be changed to use multicast range?
In addition, I think that you might need to update the documentation (<a class="moz-txt-link-freetext" href="https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html">https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html</a>) and instruct users to use the mac parameter when creating the resource. In addition, I think that the documentation should instruct the user to enable multicast traffic on the network, which is not enabled by default.
Tomer Azran
IDM & LINUX Professional Services
</pre>
</blockquote>
<p><br>
</p>
<p>Hi,</p>
<p><br>
</p>
<p>In Layer 2 frames, the least important bit of the most important
byte decides if it is multicast / broadcast or unicast. A "0" tells
the switch it is unicast and a "1" indicates a multicast address.</p>
<p>Depending on the switch vendor, the switch does learn the
multicast MAC address for the interface where it sees such a
packet coming in or not.</p>
<p><br>
</p>
<p>An IEEE document explicitly says that a router SHOULD NOT learn
multicast MAC addresses for unicast IP addresses. Cisco is the
only vendor that sticks to that standard. On Cisco devices you
have to add the MAC manually. All other vendors just learn the MAC
address.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<pre class="moz-signature" cols="72">Kind regards,
--
[*] sys4 AG
<a class="moz-txt-link-freetext" href="https://sys4.de">https://sys4.de</a>, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein</pre>
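<p>As an added example that is not part of either message: a Python check that pulls the clustermac value out of CLUSTERIP rule lines and reports the group bit described in the reply alongside the 01:00:5E prefix named in the quoted message. The function names and the second sample line are assumptions made for this example.</p>
<pre>
```python
import re

# Prefix the quoted message names as the multicast MAC range.
IPV4_MCAST_PREFIX = "01:00:5E"

# Matches the clustermac= field of a CLUSTERIP rule in `iptables -L -n` output.
CLUSTERMAC_RE = re.compile(r"clustermac=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

# First line: the rule quoted in the message above.
# Second line: constructed for this example, as if the "mac" parameter had been set.
SAMPLE = """\
CLUSTERIP all -- 0.0.0.0/0 10.0.0.100 CLUSTERIP hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 local_node=1 hash_init=0
CLUSTERIP all -- 0.0.0.0/0 10.0.0.100 CLUSTERIP hashmode=sourceip-sourceport clustermac=01:00:5E:00:00:64 total_nodes=2 local_node=1 hash_init=0
"""


def classify_mac(mac):
    """Return (group_bit_set, has_ipv4_mcast_prefix) for a colon-separated MAC."""
    octets = mac.upper().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError("not a 48-bit MAC: %r" % mac)
    # Group bit: lowest bit of the first octet.
    # 0 means unicast, 1 means multicast or broadcast.
    group_bit = int(octets[0], 16) % 2 == 1
    has_prefix = ":".join(octets[:3]) == IPV4_MCAST_PREFIX
    return group_bit, has_prefix


def audit_clusterip(iptables_output):
    """Return [(mac, group_bit_set, has_ipv4_mcast_prefix)] per CLUSTERIP rule."""
    findings = []
    for line in iptables_output.splitlines():
        match = CLUSTERMAC_RE.search(line)
        if match is None:
            continue  # not a CLUSTERIP rule line
        mac = match.group(1).upper()
        findings.append((mac,) + classify_mac(mac))
    return findings


if __name__ == "__main__":
    for mac, group_bit, has_prefix in audit_clusterip(SAMPLE):
        print("%s group_bit=%s prefix_01:00:5E=%s" % (mac, group_bit, has_prefix))
```
</pre>
<p>For the MAC in the quoted rule, the first octet A1 has its lowest bit set, so the check reports the group bit as set while the 01:00:5E prefix test fails.</p>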
</body>
</html>