[FROG] MAC Flapping With VRRP on Linux

Alasdair Muckart alasdairmuckart at catalyst.net.nz
Thu May 23 02:23:06 UTC 2024 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Quentin,

As far as I can see the required sysctls are undocumented.

Here are the links:

23: vrrp4-1-1 at bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group 200 qlen 1000
    link/ether 00:00:5e:00:01:01 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
    macvlan mode bridge bcqueuelen 1000 usedbcqueuelen 1000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

14: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group 200 qlen 1000
    link/ether e2:39:b3:4e:bc:47 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
    bond mode active-backup active_slave enp10s0f1 miimon 1000 updelay 0 downdelay 0 peer_notify_delay 0 use_carrier 1 arp_interval 0 arp_validate none arp_all_targets any primary enp10s0f1 primary_reselect always fail_over_mac none xmit_hash_policy layer2 resend_igmp 1 num_grat_arp 1 all_slaves_active 0 min_links 0 lp_interval 1 packets_per_slave 1 lacp_active on lacp_rate slow ad_select stable tlb_dynamic_lb 1 addrgenmode eui64 numtxqueues 16 numrxqueues 16 gso_max_size 65536 gso_max_segs 65535

11: enp10s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group 200 qlen 1000
    link/ether e2:39:b3:4e:bc:47 brd ff:ff:ff:ff:ff:ff permaddr 90:3c:b3:3f:da:18 promiscuity 0 minmtu 68 maxmtu 9710
    bond_slave state ACTIVE mii_status UP link_failure_count 0 perm_hwaddr 90:3c:b3:3f:da:18 queue_id 0 addrgenmode none numtxqueues 64 numrxqueues 64 gso_max_size 65536 gso_max_segs 65535 parentbus pci parentdev 0000:0a:00.1

13: enp11s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group 200 qlen 1000
    link/ether e2:39:b3:4e:bc:47 brd ff:ff:ff:ff:ff:ff permaddr 90:3c:b3:3f:da:1a promiscuity 0 minmtu 68 maxmtu 9710
    bond_slave state BACKUP mii_status UP link_failure_count 0 perm_hwaddr 90:3c:b3:3f:da:1a queue_id 0 addrgenmode none numtxqueues 64 numrxqueues 64 gso_max_size 65536 gso_max_segs 65535 parentbus pci parentdev 0000:0b:00.1


The required sysctls were 'net.ipv4.conf.bond0.arp_ignore=1' and 'net.ipv4.conf.vrrp4-1-1.arp_ignore=1'

Cheers.

Quentin Young <qlyoung at qlyoung.net> writes:

> 1.  ( ) text/plain          (*) text/html           
>
> I'm glad you found a solution for your problem. If you would humor me, I'm still interested in your configuration, because the documentation doesn't
> mention any arp_ignore settings and if they are necessary I would like to document them.
>
> I find your setup interesting because I have a vague memory of similar deployments using VRRP on bonds and I don't recall needing to set those
> options. I am wondering if a kernel change happened, my memory is wrong, or if this really just is undocumented.
>
> If possible, could you send the results of:
>
> ip -d link show vrrp4-1-1 at bond0
> Thanks,
> Quentin
>
> On 5/19/24 8:03 PM, Alasdair Muckart via frog wrote:
>
>  _______________________________________________
> frog mailing list
> frog at lists.frrouting.org
> https://lists.frrouting.org/listinfo/frog
>
> [4. text/plain]
> _______________________________________________
> frog mailing list
> frog at lists.frrouting.org
> https://lists.frrouting.org/listinfo/frog


- -- 
Alasdair Muckart (he/him)
Network Infrastructure Architect
Catalyst.Net Limited - Expert Open Source Solutions

Catalyst.Net Ltd - a Catalyst IT group company
DDI: +64 4 897 7794 | Mobile: +64 22 638 5141 | Tel: +64 4 499 2267 | www.catalyst.net.nz

CONFIDENTIALITY NOTICE: This email is intended for the named
recipients only. It may contain privileged, confidential or copyright
information. If you are not the named recipient, any use, reliance
upon, disclosure or copying of this email or its attachments is
unauthorised. If you have received this email in error, please reply
via email or call +64 4 499 2267.
-----BEGIN PGP SIGNATURE-----

iQJUBAEBCgA+FiEEu4g3jwJ68cPCdgH9iBAgH4ERwwMFAmZOqWAgHGFsYXNkYWly
bXVja2FydEBjYXRhbHlzdC5uZXQubnoACgkQiBAgH4ERwwN+PxAAi5XxFJObiPEm
qGwtfU0EP6I6nhruLmBCS05Q4+Ui6/WOTH02Jgz0B+6MuHYlLhL1g1EZJUB8HfF/
U+g9eRUTy77AYirY7HJaZ8rbD6GVJZyqaFteNvqEKTnCc6Ag14ToT953DaGOQ1LS
jnWvTGhJWl6qlrWHaWnp3NCjfuisarJvlpMJnVXggnwjZ+LuqslBj9E0II786Sto
gzcp81xd+a1a4pKOFyuYbCzziBDrW0o6Tdhdt7Eb3LLqQUtzlKmyQ+sWWX5q+NDE
nYUHMVzl+/HqFt/LkCl3nsdZT+PeYm3LEuU8R84UhSttwwJ2STeJSNORayeGq1Xi
KYbxyikKRccun2Zhs0MpXa5ViMITdkZg45iskeDW+YCm3dFPUGvxqCXgSh9sNflo
3U9o9ZkOYYt9eqXd6/VUv6ZInhXXswxhMLXsXgxIeUvA44zx3DLdCAAS1KaaqSSo
sNJqm4Zu/ozJVGrx71K8HxWmyfxnpDz8pTlpUCmF7y+KSp2GQxgcpS7i4fCqk58O
QkcD8DJX5RdF0UydeZacbStylclAn36BOlJoYyrhaXqETeIcgjLsS3ng2lGCE15J
ZQQzbC/tHY8TRTcdPrEDR00gmJNZZi4dvd0KwY2UPG1/IgNSVw1Yc3VktGYgHOKw
ULEbtp4dccs0VcTK7c6Chj3Hq0UFZSU=
=WpJf
-----END PGP SIGNATURE-----

More information about the frog mailing list