Re: Host address zero vs bridge, carp and nat
- In reply to: Bob Bishop : "Host address zero vs bridge, carp and nat"
Date: Mon, 24 Apr 2023 15:54:41 UTC
unsubscribe

On Mon, Apr 24, 2023 at 1:00 AM Bob Bishop <rb@gid.co.uk> wrote:
>
> Hi,
>
> We’re commissioning a new router build here based on 13.2-RC5 (bad timing) and it seems that something is amiss when using host address zero with this combination. More precisely, this setup:
>
> igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:31
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:32
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
> bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:0d:b9:5f:0f:31
>         inet x.y.z.0 netmask 0xffffffe0 broadcast x.y.z.31
>         inet x.y.z.10 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         inet x.y.z.11 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 3 priority 128 path cost 2000000
>         member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 2 priority 128 path cost 2000000
>         groups: bridge
>         carp: MASTER vhid 11 advbase 1 advskew 100
>         nd6 options=9<PERFORMNUD,IFDISABLED>
>
> doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor.
>
> Change the primary address on the bridge to eg x.y.z.13 and everything works. carp failover seems to work OK with the zero host in spite of not passing traffic.
>
> We only found this because in live we’ll have a /29 and we are going to run out of addresses if we can’t use zero. The bridge is required to avoid using a switch upstream where we have two routers on redundant fibres using VRRP.
>
> We will solve this by getting a bigger allocation upstream unless anyone has any bright ideas, in default of which I’ll raise a bug report.
>
> --
> Bob Bishop
> rb@gid.co.uk

--
George Kontostanos
---