On Fri, Nov 04, 2005 at 02:57:35AM +0000, Ryan McBride wrote:
> On Thu, Nov 03, 2005 at 06:11:20PM -0500, Jon Hart wrote:
> >    1) used to determine that a particular carp packet is intended for
> >       you carp host?  
> 
> carp(4) does a number of validity checks before treating the packet a
> real carp packet:
> 
> - was the device received on an interface that has a carp device on it?
> - is the ttl 255 (prevents routed carp packets from being accepted)
> - packet length
> - crc32 checksum
> - VHID
> - Is the carp interface UP and RUNNING?
> - version
> - SHA-1 HMAC
> 
> >    2) given that a carp host knows that a particular carp packet is one
> >       that it cares about, how does it verify that all of the parameters
> >       contained within are legit?
> 
> It checks the HMAC, which contains the password, version, counter, type,
> and the addresses.
> 
> [snip]

Great, thank you!

> > If the answer to all this is to just ensure that if I ever have more
> > than one carp pair on the same network to ensure that I have different
> > vhids,
> 
> Yes, you MUST use a different vhid for different carp clusters on the
> same link-local network; the MAC address for the carp interface is
> generated from the vhid, and if you don't keep this unique your switch
> will likely get confused.

Great, this confirms what I learned.  I also checked out the pf/carp faq
and the description of vhid there adequately describes the purpose of
a vhid and makes it fairly clear that different carp clusters on the
same network must use different vhids.  The carp manpage alludes to this
but could perhaps be made more clear.  Something along the lines of:

   "To use carp, the administrator needs to configure at minimum
   a common virtual host ID (vhid) and virtual host IP address on each
   machine which is to take part in the virtual group.  The vhid is used
   to uniquely identify all members of a virtual group and hosts on the
   same link-local network must use different vhids."

> >  does anyone have a vhid numbering scheme that they've found workable?
> >  I had been using interface number +1 (so the carp for em0 would be
> >  vhid 1, etc).
> 
> In many situations, I use the last octet of the first virtual IP
> address. (If your virtual IP is 192.168.0.23, use 23 as your vhid)

Genius!  

Thanks again,

-jon
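The receive-side checks Ryan lists above, modelled as a small Python validator (an added example, not code from the thread or from carp(4)). It assumes a 36-byte header laid out as version/type, vhid, advskew, authlen, demote, advbase, checksum, 64-bit counter and a 20-byte SHA-1 HMAC; the checksum is taken to be an RFC 1071 one's-complement sum and the HMAC input order (version/type, vhid, counter, addresses) is this model's own choice, not the kernel's byte-exact layout.

```python
import hashlib, hmac, ipaddress, struct

CARP_VERSION, CARP_ADVERTISEMENT, CARP_HDR_LEN = 2, 1, 36

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum (an assumption of this model)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def carp_hmac(password: bytes, vhid: int, counter: int, addrs) -> bytes:
    """HMAC-SHA1 over version/type, vhid, counter and the virtual addresses.
    The field order here is assumed for the example, not taken from the kernel."""
    msg = bytes([(CARP_VERSION << 4) | CARP_ADVERTISEMENT, vhid]) + struct.pack("!Q", counter)
    msg += b"".join(ipaddress.ip_address(a).packed for a in addrs)
    return hmac.new(password, msg, hashlib.sha1).digest()

def build_advertisement(password, vhid, counter, addrs, advskew=0, advbase=1) -> bytes:
    """Sender side: fill the header, then patch in the checksum over the whole header."""
    md = carp_hmac(password, vhid, counter, addrs)
    hdr = struct.pack("!BBBBBBHQ", (CARP_VERSION << 4) | CARP_ADVERTISEMENT,
                      vhid, advskew, 20, 0, advbase, 0, counter) + md
    return hdr[:6] + struct.pack("!H", internet_checksum(hdr)) + hdr[8:]

def validate(pkt, ttl, iface_has_carp, iface_up, my_vhids, password, addrs) -> str:
    """Receiver side, in the order given in the thread; returns 'ok' or the failed check."""
    if not iface_has_carp:
        return "no carp device on interface"
    if ttl != 255:
        return "ttl"            # a routed copy arrives with ttl < 255 and is dropped
    if len(pkt) < CARP_HDR_LEN:
        return "length"
    if internet_checksum(pkt[:CARP_HDR_LEN]) != 0:
        return "checksum"
    vt, vhid, _skew, _alen, _demote, _base, _ck, counter = struct.unpack("!BBBBBBHQ", pkt[:16])
    if vhid not in my_vhids:
        return "vhid"           # another cluster's vhid on the same link
    if not iface_up:
        return "interface down"
    if vt >> 4 != CARP_VERSION:
        return "version"
    if not hmac.compare_digest(pkt[16:36], carp_hmac(password, vhid, counter, addrs)):
        return "hmac"           # wrong password or a different address set
    return "ok"
```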
