| Age | Commit message (Collapse) | Author |
|---|
|
E.g. give up the MASTER status if there's a host with a lower
demote count, even if it has a higher advskew.
At the moment this shouldn't cause any change, but this is a
first step towards the removal of the
"bump the advskew to 240 in case of errors" hack,
without breaking backward compatibility.
OK henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
no carpdev configured.
I don't see how we can run into this at all, but let's
leave this test for a a little extra safety.
OK henning@
|
|
gets bigger than 255. OK henning@
|
|
even the unicast address of the remote carp peer. this especially
helps when the multicast carp advertisements are causing problems in
the network (some crappy switches don't do well with multicast), there
are conflicts with VRRP, or the policy of the network does not allow
multicast (most Internet eXchange points didn't allow carped OpenBGP
routers because of the multicast advertisements).
discussed with many
ok mpf@
|
|
Reduces the amount of dmesg noise.
Tested and OK mcbride@
|
|
ok deraadt@
|
|
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisations issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.
Looked at by a few people at n2k8 code is much older
|
|
simple on/off, allowing more control over how verbose the logging is.
This also allows you to do a further level of filtering in syslog.conf
if you need to.
Also add logging of state changes, inspired by diff provided by
Brian A. Seklecki in PR 5513. These messages are logged by default.
ok henning mpf deraadt
|
|
OK mcbride@, mickey@
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
ok claudio@ krw@ dlg@
|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
IPv4 interface address similar to arp_ifinit(). The main difference is
that we do not send out a gracious arp as the carp(4) is not ready to send
at that moment. This will make backup interface show up like the master ones.
OK mpf@ earlier version OK henning@ mcbride@
|
|
ok mpf@ henning@
|
|
so the resulting messages have ifindex set and the routing daemons can
correctly indentify that route as connected. ok mcbride
|
|
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:
# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255
OK mcbride@
|
|
ok deraadt@ dlg@ henric@ mcbride@
|
|
ok krw@
|
|
It is unlikely we will ever get a working replay protection,
so better keep it simple and robust.
The cookie allows us to detect our own advertisements,
thus it is now easy to deal with network loops and
non-simplex interfaces.
Zero feedback by the people who wanted this fixed.
OK henning@, markus@
|
|
The multicast code is still a mess but will no longer crash the box.
With input from pascoe@ who hit the same bug.
OK markus@, henning@, mpf@ (on a previous version)
|
|
one entry for each multicast group and interface combination). this allows
you to run OSPF with more than 10 interfaces.
adapted from freebsd; ok claudio, henning, mpf
|
|
quite a while ago. Manpage and comment update by Matthew Dempsky.
OK jmc@
|
|
any carp group to master status.
ok dhartmei@
|
|
destination of the route belonging to the carp interface.
ok mpf@ claudio@
|
|
interface (ip-less parent).
tested by claudio and me
ok claudio@
|
|
be set to NULL as first in rtrequest1() for all host routes.
With and OK reyk@
|
|
OK mcbride@
|
|
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan
|
|
OK mcbride@
|
|
decomissioned aeon ago. We will not miss it at all.
OK dlg@ henning@ and a lot of cheers by other in the room
|
|
ok dlg claudio
|
|
function as a macro.
ok reyk@ ja ja claudio@
|
|
|
|
|
|
at least exhibit routing messages so it does not confuse the userland
routing daemons by routing table changes not reflected by messages on the
routing socket. effect would be bgpd using wrong nexthops for example, in
the worst case (that i actually ran into) blackholing traffic.
ok reyk claudio "looks correct" miod
|
|
This unbreaks carp reconfiguration.
OK henning@, mcbride@
|
|
This reduces group failover time to a few milliseconds.
Diff from Nathanael.
OK henning@
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
(s6_addr16[1] filled)
ok dhartmei
|
|
and early in the boot process existant. needed by the rc scripts for
carp demotion on the "carp" group. this used to work because pfsync0
was always there and member of said group; it has been broken on pfsync-less
kernels for quite some time. ok mpf mcbride
|
|
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.
In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@
ok mpf@ henning@ deraadt@
|
|
ok mpf@ henning@
|
|
we've won the MASTER election.
This seems to be necessary w/ some wacky L3 switches,
that only learn by looking at ARP packets.
Fixes PR 5148.
OK mcbride@
|
|
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer
|
|
As a first user, move the global carp(4) demotion counter
into the interface group. Thus we have the possibility
to define which carp interfaces are demoted together.
Put the demotion counter into the reserved field of the carp header.
With this, we can have carp act smarter if multiple errors occur.
It now always takes over other carp peers, that are advertising
with a higher demote count. As a side effect, we can also have
group failovers without the need of running in preempt mode.
The protocol change does not break compability with older
implementations.
Collaborative work with mcbride@
OK mcbride@, henning@
|
|
the establish calls were bypassed or failed.
ok mpf@
|
|
for dumb non simplex interfaces, that receive packets they've just
sent. Fixes bug 5121.
OK deraadt@, mcbride@
|
|
ok henning mcbride
|
|
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@
|
