On 10/10/07 05:35, Abhijit Menon-Sen wrote:
Is anyone using conntrack-tools to implement gateway failover on a network with windows clients?
No, not as of yet. Sorry.
I set it up with ucarp and keepalived, and found that gratuitous ARP doesn't always seem to update the cache on Windows machines. It works the first time, but if a second failover happens, the client continues to send stuff to the wrong MAC address. Linux machines work fine.
Um, why are you not using the same MAC address for the gateway and having the systems decide who is actively using the MAC at any given time?
I've noticed similar reports from other people, but nothing that seemed like a solution.
*nod*
Has anyone experimented with doing MAC address takeover too? That seems like it ought to work, but I haven't tried it out because neither ucarp nor keepalived seem to implement it; and I wondered if I was missing something. What do other people do?
Virtual Router Redundancy Protocol (VRRP) comes to mind. There is a very simple VRRP daemon (vrrpd) for Linux / Unix that will achieve this. To my knowledge it works by creating a new MAC address that is used for the VRRP router. The VRRP router is a virtual router that is traded back and forth between two or more possible real routers.
Technically VRRP creates a new virtual MAC address 00:00:5E:00:01:XX that the IP is associated with. The "XX" is the virtual redundant router ID, usually 1 unless you have multiple virtual redundant routers in your network. The active virtual router will claim the 00:00:5E:00:01:XX MAC address and send out GARPs to update switch / bridge tables for the new location of the same MAC address. The two or more VRRP routers will heart beat each other (I think by multicast (?)) and if the active does not heartbeat with in a timeout the next router in the chain takes over, GARPs to updates switch / bridge tables and clients continue using the same MAC address.
I've set up VRRP on a couple of test systems just long enough to say "Yep, that works." but did not do any thing further. I used vrrpd which was ridiculesly easy to set up. Be aware that VRRP is only meant for routers and not for hosts that have things bound to the virtual interface / IP, you want some sort of load balancing / failover scenario in that case.
Grant. . . . _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
