Hello everyone. Let me say up front, I'm no Cisco guru, although I do believe I possess a sound understanding of networking involving multiple switches and the potential issues associated with doing so.
I'm looking at a situation with the introduction of two machines employing CARP to provide resilient DNS services. The MASTER each would hold an IP and either in the event of failure would hold both. It worked fine for a little bit then all hell seemed to break loose on the network.

The network is 3 Catalyst 3750's "ringed" or "clustered" together. There also exists on the network two 3.8 obsd pf's employing carp/pfsync/ifstated. As well there exist several Linux boxes performing LVS (VRRPv2 using same multicast address 224.0.0.18). For some reason, perhaps coincidence, when the CARP/DNS servers were introduced great instability was observed until the CARP/DNS servers were removed.

Firstly, is anyone aware of CARP + Cisco Catalyst switches 3750 or otherwise involving single or multi carp scenarios (various pairs performing different tasks on the same segment)?

Another thing that I was interested in doing is filtering Multicast period to only the ports involved in CARP activities, however it doesn't appear possible on the Catalyst 3750. If anyone knows otherwise please enlighten me. I've tried playing with IGMP Snooping and enabling filter profiles with ranges 224.0.0.0 224.0.0.255 to deny multicast from the rest of the network but with no success. This is regardless of the two IGMP Snooping modes available (CGMP/PIM-DVMRP). I've also tried setting various interfaces to protected mode and denied any "unknown multicast or unicast" with no success either, still every machine connected to the switch(es) can see the CARP multicast advertisements.

Lastly I also attempted to set up a "Multicast Group" grabbing the ports involved but was unsuccessful in creating the group due to any address 224.0.0.0 -> 224.0.0.255 being prohibited. If CARP is 224.0.0.18 this feature is probably not worth looking further at but I figured it was worth mentioning. Any thoughts here are appreciated.
I know one of my questions is extremely Cisco centric, and I'm aware of the purpose of this channel, so thanks in advance for any feedback!

Cheers,

James

--
James Couzens, Programmer
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF

"This is not quite as crazy as it sounds, since people knew how to write small, efficient programs in those days, a skill that has subsequently been lost." -- Andrew S. Tanenbaum