MAC Flapping With VRRP on Linux

Alasdair Muckart alasdairmuckart at catalyst.net.nz
Sun May 19 09:36:22 UTC 2024 

Hello FRR folk,

I'm having difficulty with traffic to linux (Ubuntu 22.04, kernel 5.15) 
routers running VRRP.  The problem is MAC flapping between the VRRP MAC 
and the underlying interface MAC. It's so bad traffic from the LAN to 
the VIP is basically unusable. Every who-has for the VIP or the VRRP 
primary's underlying interface IP gets multiple responses, and the mac 
table on the switches is flailing.

I've tried all the combinations of the various arp sysctl I can think of 
and I can't get one that will only respond to requests for the VIP with 
the VRRP MAC. Either I get duelling replies with both the VIP MAC and 
the underlying interface MAC, or I get nothing at all.

Can anyone tell me what I need to do to get the routers to only reply 
with the VIP MAC when there's an arp who-has for the VIP?  I couldn't 
see anything in the manual about this.

TIA.


In case it's relevant, the topology as follows:

A pair of core switches connected by an ERPS ring.

Two routers, each connected to both switches with an active/passive bond 
interface.

VRRP running on the bond interface. The bond interfaces are .2 and .3, 
the VIP is .1.

The eth0 and eth1 interfaces are unnumbered children of the bond0.

                 192.168.1.2/24


                eth0       eth1
        +-----------+bond0+-X----------+
        |           |     |            |
        |        +--+-----+--+         |
        |        | vrrp4-1-1 |         |
        |        +-----------+         |
        |        192.168.1.1/24        |
        |                              |
+------+-----+                 +------+-----+
|            +-----------------+            |
|  SWITCH 1  |       ERPS      |  SWITCH 2  |
|            +---------------X-+            |
+------+-----+                 +------+-----+
        |                              |
        |                              |
        |        +-----------+         |
        |        | vrrp4-1-1 |         |
        |        +--+-----+--+         |
        |           |     |            |
        +-----------+bond0+-X----------+
                eth0       eth1

                 192.168.1.3/24

I've got the bond0 interfaces because FRR doesn't seem to cope at all 
with having two interfaces in the same VRRP on the same router, one of 
them is permanently stuck 'initializing', but the MAC flapping is the 
same with just one interface and no bond.



-- 
Alasdair Muckart (he/him)
Network Infrastructure Architect
Catalyst.Net Limited - Expert Open Source Solutions

Catalyst.Net Ltd - a Catalyst IT group company
DDI: +64 4 897 7794 | Mobile: +64 22 638 5141 | Tel: +64 4 499 2267 | www.catalyst.net.nz

CONFIDENTIALITY NOTICE: This email is intended for the named
recipients only. It may contain privileged, confidential or copyright
information. If you are not the named recipient, any use, reliance
upon, disclosure or copying of this email or its attachments is
unauthorised. If you have received this email in error, please reply
via email or call +64 4 499 2267.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x5DD6A73F91100786.asc
Type: application/pgp-keys
Size: 5430 bytes
Desc: OpenPGP public key
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20240519/f11f90a6/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20240519/f11f90a6/attachment.sig>

More information about the frog mailing list