Hi Alex,
On Mon, Apr 18, 2011 at 08:26:50AM +0200, Alexandre Cassen wrote:
> Hello,
>
> I would just like to pop-up here to announce that Keepalived VRRP code is
> now supporting VMAC. I am right now looking for beta-testers in order to
> give it a try. The code supporting VMAC is currently in Keepalived GIT
> repo in branch 1.2.0.
>
> In order to use it just add "use_vmac" in your vrrp_instance and it will
> use/bring up a new interface named vrrp.{vrrp_instance}. you might use
> arp_ignore=2 since it will fit in most of setup.
Hehe that's exciting news. When experimenting with macvlan interfaces, we found that they were not as convenient as we'd have expected, because all the traffic is received by the macvlan interface (here vrrp.$inst) instead of the real interface. This is useful in many situations, but not all in the end, because when you're making use of netfilter or ip rules that take into account the incoming interface, you get two distinct interfaces for the real one and the virtual one. I first thought it would be enough to rename vrrp.$inst to "ethXXX.vrrp.$inst" in order to be able to match on the physical interface but it's still not enough for all setups. For instance, haproxy is able to bind to an interface. If you bind to eth0, it will not receive the traffic sent to the vmac.
We have not found an easy solution to this issue. I think we'd need to add a flag to the kernel when creating a macvlan interface to indicate that traffic comming from this interface should be marked as coming from the parent instead. I did not spend enough time on this to be able to check all other possibilities though, so maybe you've already met the issue and have another nice idea.
Cheers,
Willy
Received on 2011/04/19 07:36
This archive was generated by hypermail 2.2.0 : 2011/04/19 07:45 CEST