vad3r Guru
Joined: 02 May 2004 Posts: 461 Location: Munich, Germany
Posted: Thu Feb 08, 2007 4:23 pm Post subject: Keepalived + VRRP Routing problem
Hi all,
I just installed a router/firewall cluster to handle our complete internal traffic. The two nodes are configured as an active/active routing cluster and share the responsibility for a couple of VLANs.
Host-A responsible for VLANs: 10 12 14 16 18 20
Host-B responsible for VLANs: 11 13 15 17 19
The whole failover works quite well but there's still a problem to be solved. Our monitoring system needs to monitor the GW addresses for all the VLANs. If the monitoring host has its gateway on Host-A it can't ping any of the VIPs on the other node. It can't even ping the other cluster node's real IP.
All the hosts that reside on the remote network can be reached without any problem. I think this is because the gateway for the monitoring host can access the target host directly and has no problem transporting the answer to the monitoring host.
The only routes added to the system are:
- the network routes (for every NIC)
- some more network rules to remote locations
Any suggestions?
Thanks in advance
Daniel
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Thu Feb 08, 2007 9:08 pm Post subject: Re: Keepalived + VRRP Routing problem
If I understood correctly, you have one dedicated machine which monitors both VRRP members and all their IP addresses, both physical and virtual?
So this machine (let's say in VLAN 10) should have the VIP for VLAN 10 as default GW, not one of the members' IPs, nor should dedicated routes be needed.
With that it should be possible to monitor all virtual IPs in all VLANs as all member IPs for every VLAN.
vad3r Guru
Joined: 02 May 2004 Posts: 461 Location: Munich, Germany
Posted: Fri Feb 09, 2007 10:11 am
Thanks for your answer. The default GW for the monitoring server is the VRRP address. None of the "real" addresses is used.
The strange problem is that the monitoring can reach all the hosts in all VLANs. It just can't reach all the VRRP addresses. It has to be some kind of routing issue on the routers.
I fixed the problem temporarily by making one of the routers the master for all addresses. Now the problem disappeared and the monitoring host can reach all hosts + the VRRP addresses, but that's not the way it should be. We need the ability to share the traffic between the nodes.