Submit #2960

net.inet.carp.setroute sysctl

Added by fgudin about 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Networking
Target version: -
Start date: 10/26/2016
Due date:
% Done: 100%


Description

Hello,

CARP adds and deletes routes as interfaces change state. I wanted to prevent it from messing with routes on my hosts, and thus introduced a new sysctl under net.inet.carp (default behaviour kept, obviously). Diff was done against v4.6.1.

My use case was a dual squid proxy setting, where their processes couldn't even resolve names, as the local resolvers were themselves subject to ARP load-balancing. AFAIU, the default route being set to CARP's IP address implied that their outgoing connections had their source address set to the virtual IP. This may be ok for routing, etc. but as soon as the CARP-enabled host has to initiate sessions, it breaks. Of course, I could be plain wrong and am willingly accepting advice if there's a better solution.

Thanks in advance,
--
Francis GUDIN

carp.diff (3.36 KB) fgudin, 10/26/2016 06:02 AM

History

#1 Updated by sepherosa about 1 year ago

On Wed, Oct 26, 2016 at 9:02 PM,
<> wrote:
> Issue #2960 has been reported by fgudin.
>
> ----------------------------------------
> Submit #2960: net.inet.carp.setroute sysctl
> http://bugs.dragonflybsd.org/issues/2960
>
> * Author: fgudin
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category: Networking
> * Target version:
> ----------------------------------------
> Hello,
>
> CARP adds and deletes routes as interfaces change state. I wanted to prevent it from messing with routes on my hosts, and thus introduced a new sysctl under net.inet.carp (default behaviour kept, obviously). Diff was done against v4.6.1.
>
> My use case was a dual squid proxy setting, where their processes couldn't even resolve names, as the local resolvers were themselves subject to ARP load-balancing. AFAIU, the default route being set to CARP's IP address implied that their outgoing connections had their source address set to the virtual IP. This may be ok for routing, etc. but as soon as the CARP-enabled host has to initiate sessions, it breaks. Of course, I could be plain wrong and am willingly accepting advice if there's a better solution.
>

I believe the routes are only changed (pointing to the CARP's address)
instead of deleted then re-added. Can you be more specific about your
breakage?

Thanks.
sephe

--
Tomorrow Will Never Die

#2 Updated by fgudin about 1 year ago

sepherosa wrote:

> instead of deleted then re-added. Can you be more specific about your
> breakage?

Suppose hostA (192.168.1.1) and hostB (192.168.1.2) run squid processes and share 192.168.1.3 via CARP.
When squid on hostA tries to resolve a name with the local nameserver (say 192.168.1.4), it will choose a source address from the default route data. And return packets may or may not (depending on the load-balancing algo) reach back to it.
As discussed over IRC, CARP touching routes can also be annoying in other settings (tried to replace ARP lb with DNS RR, but I had to add aliases, etc. to work around this routing mess).

#3 Updated by fgudin about 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
