Mark Zipp wrote:> Hi,
>
> We've been recently trying to use VRRP
> (https://sourceforge.net/projects/vrrpd/) to provide redundancy for a
> couple of servers. What we wanted to do was to have both servers be
> VRRP backups for the other. For example :
>
> Server A - eth0
> VRRP Master IP - 10.0.0.1
> VRRP Backup IP - 10.0.0.2
>
> Server B - eth0
> VRRP Master IP - 10.0.0.2
> VRRP Bcakup IP - 10.0.0.1
>
> We'd then put two A records in DNS for the single hostname, and then
> rely DNS round robin to perform basic load balancing between the
> servers. If one of the servers fails, then the other would then take
> over both of the VRRP Master IP addresses. This wouldn't be a perfect
> fail over as any existing TCP sessions would die, however it is enough
> availability for our requirements.
>
> One problem we have is that, due to the way VRRP has to interact with
> kernel ARP, the vrrpd software changes the assigned MAC addresses on
> the interfaces it has been configured to use. Since the above scenario
> would have two VRRP groups, resulting in two different MAC addresses,
> we can't run two instances of VRRP as above using the same ethernet
> interface.
>
> One idea we had was to create a bridge on each server, add eth0 and
> then a couple of dummy interfaces into the bridge, and then have each
> VRRP instance use the a separate dummy interfaces. This would then
> allow the dummy interfaces to have their MAC address changed, and
> would then allow us to run multiple instances of VRRP on the hosts.
>
> Unfortunately when we tried this, we found that because the dummy
> interfaces become "pure" layer 2 interfaces when they are added
to a
> bridge, we can't refer to them with VRRP, as they won't talk IP -
only
> the bridge "brX" interface for a bridge will. Of course, there is
only
> one of them for a bridge, so again we're limited to one VRRP instance
> on the server. Although we didn't expect it to work, we did try
> creating two bridges and assigning the single eth0 interface to both
> them. That didn't work.
>
> Is there a way to somehow create multiple, separate IP interfaces for
> a single bridge ?
>
> The alternative way we were able to get something to work was to use
> VLAN trunk interfaces, as they're IP capable, and are considered
> separate interfaces by VRRP. The drawback was that we'd then have to
> run VLAN trunks into the servers, and also have to have the VRRP
> instances running on different IP subnets. That's certainly an option,
> it was just a bit too complex for what we want to achieve.
>
> If anybody has any suggestions as to how else we might achieve this,
> I'm all ears.
You could try the MAC-VLAN feature in my consolidated patch. MAC-VLANs
give you a virtual interface that has a particular MAC, and packets with
that MAC (or broadcast) are received by it. It's a real network device,
like 802.1Q VLANs, so it will probably work with your VRRP.
My patch is here..there is more than just MAC-VLANs in there, by the way:
http://www.candelatech.com/oss/candela_2.6.13.patch
You'll also need the macvlan_config tool from the VLAN page:
http://www.candelatech.com/~greear/vlan.html
>
> Thanks,
> Mark.
>
> P.S., please CC me as I'm not subscribed to the list.
>
> _______________________________________________
> Bridge mailing list
> Bridge@lists.osdl.org
> https://lists.osdl.org/mailman/listinfo/bridge
>
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com