[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ha
Subject: Re: [Linux-HA] inactive node answers arp requests for failover ip
From: nils toedtmann <ntoedtmann () marcant ! net>
Date: 2003-07-30 12:50:25
[Download RAW message or body]
On Wed, Jul 30, 2003 at 04:29:32PM +0900, Horms wrote:
> On Tue, Jul 29, 2003 at 08:44:27AM -0600, Alan Robertson wrote:
> > Hi Nils,
> >
> > nils toedtmann wrote:
> > >Hello,
> > >
> > >i've set up a ha firewall with heartbeat & freeswan. Works fine,
> > >but once in a while __both__ nodes answer the routers arp request
> > >for the failover ip. In case the arp-reply from the wrong, inactive node
> > >("node2") comes later, it wins and the ip packets go to the it's NIC.
> > >Since the failover ip is not bound to node2's interfaces, the packets
> > >get discarded. Absolutely nothing appears in the logfiles.
> >
> > OK...
> >
> > Any time heartbeat issues any commands that do anything to anything, it
> > logs them. So, if the behavior comes and goes without any log entries,
> > heartbeat is probably not causing it. I would suspect the set of services
> > and patches you're currently running -- since I don't know of anyone else
> > who has reported this problem. Horms or lmb might be of more help on this
> > one though....
>
> A few things spring to mind:
>
> * Check interfaces: ip addr sh
As i said in my original mail, that's ok (inactive node not bound to
any VIP).
> * Check for static arp entries: arp -a
Where? On the router? Anyway, we don't use static arp entries, so if
heartbeat doesn't use them, there are none.
> * What kernel is being used?
> Sometimes strange kernels do strange things.
As i said in the initial posting:
> > The systems: redhat8, monolithic kernel (2.4.21 with several patches
> > like freeswan, lids, pax, some netfilter patches),
> > heartbeat-1.0.3-1.rh.8.0.1
> > from <http://www.ultramonkey.org/download/heartbeat/1.0.3/redhat_8.0/>
Since the inactive node runs on a redhat errara kernel, the problem
disappeared. Now we try to figure out which kernelpatch is evil.
(compile kernel, boot it, wait for two hours to see if arp-problem occurs.
compile next kernel ...)
/nils.
--
nils toedtmann
department for technical paranoia
marcant internet-services gmbh <http://www.marcant.net/>
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic