Submit #2960
Closed
net.inet.carp.setroute sysctl
100%
Description
Hello,
CARP adds and deletes routes as interface state changes. I wanted to prevent it from messing with routes on my hosts, and thus introduced a new sysctl under net.inet.carp (default behaviour kept, obviously). Diff was done against v4.6.1.
My use case was a dual squid proxy setting, where their processes couldn't even resolve names, as the local resolvers were themselves subject to ARP load-balancing. AFAIU, the default route being set to CARP's IP address implied that their outgoing connections had their source address set to the virtual IP. This may be ok for routing, etc. but as soon as the CARP-enabled host has to initiate sessions, it breaks. Of course, I could be plain wrong and am willingly accepting advice if there's a better solution.
Thanks in advance,
--
Francis GUDIN
Updated by sepherosa about 8 years ago
On Wed, Oct 26, 2016 at 9:02 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:
Issue #2960 has been reported by fgudin.
----------------------------------------
Submit #2960: net.inet.carp.setroute sysctl
http://bugs.dragonflybsd.org/issues/2960
- Author: fgudin
- Status: New
- Priority: Normal
- Assignee:
- Category: Networking
- Target version:
----------------------------------------
I believe the routes are only changed (points to the CARP's address)
instead of deleted then re-added. Can you be more specific about your
breakage?
Thanks.
sephe
--
Tomorrow Will Never Die
Updated by fgudin about 8 years ago
sepherosa wrote:
instead of deleted then re-added. Can you be more specific about your
breakage?
Suppose hostA (192.168.1.1) and hostB (192.168.1.2) run squid processes and share 192.168.1.3 via CARP.
When squid on hostA tries to resolve a name with the local nameserver (say 192.168.1.4), it will choose a source address from the default route data. And return packets may or may not (depending on the load-balancing algo) reach back to it.
As discussed over IRC, CARP touching routes can also be annoying in other settings (tried to replace ARP lb with DNS RR, but I had to add aliases, etc. to work around this routing mess).
Updated by fgudin about 8 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
committed: https://gitweb.dragonflybsd.org/dragonfly.git/commit/a79ef4f66e5400fec0a10c72a0695bc554613fe2
Thank you sephe!