On 12.02.2022 at 12:53, Andrea Venturoli wrote:
Hello.
I've set up a network with CARP and I think I'm seeing something strange.
What follows is a simplified setup (the real one involves lagg and
vlan, but this should not matter).
I have a Zyxel managed switch,
two "servers":
- A 192.168.0.1
- B 192.168.0.2
and two "clients"
- C 192.168.0.10
- D 192.168.0.11
Now let's add the "shared" CARP IP 192.168.0.3 (vhid 1) to server A
and server B and start sniffing on C and D.
If C or D talks with A or B using their own IP
(192.168.0.1/192.168.0.2) the other client does not see that traffic
(as is to be expected on a switched network).
However if any client talks with the CARP IP (192.168.0.3) every node
on the LAN can sniff that traffic!
I tracked this down to the switch not learning the MAC address
00:00:5e:00:01:01 (which is what CARP vhid 1 uses), so every outgoing
packet is broadcast to the whole network.
Is this normal???
Changing to any other VHID (I tried 2, 4 and 10) does not show the
same problem, as 00:00:5e:00:01:xx will show up in the switch MAC
database.
I'm scratching my head trying to find an explanation, but so far I
could only think the switch is misbehaving.
Or am I missing some info and there's a reason for this?
Hi, if the source address of the SYN-ACK reply between [C|D] -> carpIP is
.3/0:0:5e:00:01:01, I'd blame the switch too (MAC address learning limit
set for the port(s) in question?!?).
But maybe [A|B] respond with wrong source MAC address, depending on the
VHID? Probably not possible at all - don't know our stack that deep.
Worth and easy to check nevertheless.
good hunting,
-harry
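As an added example (not code from either mail), a small Python check over captured frames for the two things discussed in this thread: whether frames sourced from the CARP IP carry the VHID's virtual MAC (harry's "wrong source MAC" hypothesis), and whether a sniffing host sees unicast to or from the CARP IP that it is neither source nor destination of (the flooding symptom Andrea describes). The frame dicts and the MACs of A, C and D are constructed; a pcap parser would supply real ones.

```python
# Added example, not from the thread. Frames are constructed dicts
# with the fields a pcap parser would give: src_mac, dst_mac, src_ip, dst_ip.
CARP_VMAC_PREFIX = "00:00:5e:00:01"  # CARP virtual MAC is 00:00:5e:00:01:<vhid>


def carp_vmac(vhid: int) -> str:
    """Virtual MAC address CARP uses for the given VHID."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be 1..255")
    return f"{CARP_VMAC_PREFIX}:{vhid:02x}"


def audit_frames(frames, carp_ip: str, vhid: int, sniffer_mac: str):
    """Return (finding, frame) pairs for frames seen by one sniffing host.

    'wrong-src-mac'  : frame from carp_ip whose source MAC is not the VHID's vMAC.
    'flooded-unicast': unicast frame to/from carp_ip that this host is neither
                       source nor destination of, i.e. the switch flooded it.
    """
    expected = carp_vmac(vhid)
    me = sniffer_mac.lower()
    findings = []
    for f in frames:
        src_mac, dst_mac = f["src_mac"].lower(), f["dst_mac"].lower()
        if f["src_ip"] == carp_ip and src_mac != expected:
            findings.append(("wrong-src-mac", f))
        # group bit (lowest bit of first octet) set => multicast/broadcast, not flooding
        is_group = int(dst_mac.split(":")[0], 16) & 1
        if carp_ip in (f["src_ip"], f["dst_ip"]) and not is_group and me not in (src_mac, dst_mac):
            findings.append(("flooded-unicast", f))
    return findings


# Constructed capture as seen on client D (assumed MAC dd:dd:dd:00:00:0b).
MAC_A, MAC_C, MAC_D = "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:0a", "dd:dd:dd:00:00:0b"
SAMPLE_FRAMES = [
    # C -> CARP IP: dst MAC is the vMAC the switch never learned, so D sees it
    {"src_mac": MAC_C, "dst_mac": "00:00:5e:00:01:01", "src_ip": "192.168.0.10", "dst_ip": "192.168.0.3"},
    # CARP IP -> C with the correct vMAC, still flooded to D
    {"src_mac": "00:00:5e:00:01:01", "dst_mac": MAC_C, "src_ip": "192.168.0.3", "dst_ip": "192.168.0.10"},
    # CARP IP -> C sent with A's physical MAC: the case harry suggests checking
    {"src_mac": MAC_A, "dst_mac": MAC_C, "src_ip": "192.168.0.3", "dst_ip": "192.168.0.10"},
    # ordinary C -> D traffic: nothing to report
    {"src_mac": MAC_C, "dst_mac": MAC_D, "src_ip": "192.168.0.10", "dst_ip": "192.168.0.11"},
]


def run_sample():
    return audit_frames(SAMPLE_FRAMES, "192.168.0.3", 1, MAC_D)
```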