Solved CARP and arp table

[Charlie Root]

Hi,
I have trouble when setting up carp for gateway server.
Server A has ip address 10.10.0.11 , server B has address 10.10.0.12. They share virtual ip address 10.10.0.1 by carp and they are in the same vlan.
Problem is: If server C has ip address 10.10.0.34 and set default gateway to one of server A, server B real ip address - it's ok
If server C set default gateway to virtual ip address 10.10.0.1 will not work.
#arp -a on server C take much time to find out mac address of above ip address.
Does some one meet the same problem before, do you know how to fix it?
Thank for your help!

 

[SirDice]

It might be caused by the switch. The switch may still be mapping the MAC address to the 'wrong' physical port. It can take some time for the CAM tables on the switch to timeout or updated with the new port.

 

[leebrown66]

I've done this on CentOS, but the principal should be the same.
When the CARP script is run that takes over the address, issue arping(8) from net/arping to update the neighbour ARP tables (-U I think you need). You should be able to look at the network traffic on Server C and see the ARP message come over. That should also force any switch to update it's internal tables.

 

[Charlie Root]

Thank for your answer,
I have thought about timeout on CAM table of switch. As i know , the timeout by default is 5 sec. However, carp state was changed in very long time ( some days).
I see when run arp -a on server C always take much time, even it found mac address of carp virtual ip before.

 

[leebrown66]

That sounds like a DNS issue.
try arp -an to see if it prints much more quickly.

 

[Charlie Root]

Hi,
Thanks all for your help
My problem was resolved. I think ISP switch blocked my mac address of VIP.
Last question is: How switch can block mac address but not let the port is down ?

 

[SirDice]

Last question is: How switch can block mac address but not let the port is down ?

The exact specifics depend on the type and brand of the switch. But it's certainly possible. Just because a port is "administratively" up doesn't mean it'll accept traffic.

 

[leebrown66]

As SirDice said. For example if there's a simple MAC filter on that port, it will be up, but only certain MAC's will pass traffic into the switch.