Active CARP network loop

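Anyway, I have to set up a cluster of 3 active OpenBSD 5.5 machines using CARP on 3 separate ESXi 5.5 hosts.

I think I'm nearly done, but I see this message in /var/log/messages: carp0: replay or network loop detected

Here is my configuration: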


On each ESXi

Standard vSwitch, no VDS
Promiscuous mode, MAC address changes and forged transmits enabled on each vSwitch
net.reversePathFwsCheckPromisc=1


Node 1


/etc/hostname.em0 
inet 172.0.0.19 255.255.0.0 NONE 

/etc/hostname.carp0 
inet 172.0.0.16 255.255.0.0 172.0.255.255 balancing ip-unicast carpnodes 1:0,2:100,3:50 pass "password" carpdev em0 

/etc/sysctl.conf 
net.inet.carp.allow=1 
net.inet.carp.preempt=1 
net.inet.carp.log=2 

/etc/pf.conf 
pass quick on em0 inet proto carp from any to any 

ifconfig carp0 
carp0: flags=8843 mtu 1500 
        lladdr 00:00:5e:00:01:01 
        priority: 0 
        carp: carpdev em0 advbase 1 balancing ip-unicast 
                state MASTER vhid 1 advskew 0 
                state BACKUP vhid 2 advskew 100 
                state BACKUP vhid 3 advskew 50 
        groups: carp 
        status: master 
        inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x4 
        inet 172.0.0.16 netmask 0xffff0000 broadcast 172.0.255.255 

Node 2


/etc/hostname.em0 
inet 172.0.0.20 255.255.0.0 NONE 

/etc/hostname.carp0 
inet 172.0.0.16 255.255.0.0 172.0.255.255 balancing ip-unicast carpnodes 1:50,2:0,3:100 pass "password" carpdev em0 

/etc/sysctl.conf 
net.inet.carp.allow=1 
net.inet.carp.preempt=1 
net.inet.carp.log=2 

/etc/pf.conf 
pass quick on em0 inet proto carp from any to any 

ifconfig carp0 
carp0: flags=8843 mtu 1500 
        lladdr 00:00:5e:00:01:01 
        priority: 0 
        carp: carpdev em0 advbase 1 balancing ip-unicast 
                state BACKUP vhid 1 advskew 50 
                state MASTER vhid 2 advskew 0 
                state BACKUP vhid 3 advskew 100 
        groups: carp 
        status: backup 
        inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x4 
        inet 172.0.0.16 netmask 0xffff0000 broadcast 172.0.255.255 

Node 3


/etc/hostname.em0 
inet 172.0.0.21 255.255.0.0 NONE 

/etc/hostname.carp0 
inet 172.0.0.16 255.255.0.0 172.0.255.255 balancing ip-unicast carpnodes 1:100,2:50,3:0 pass "password" carpdev em0 

/etc/sysctl.conf 
net.inet.carp.allow=1 
net.inet.carp.preempt=1 
net.inet.carp.log=2 

/etc/pf.conf 
pass quick on em0 inet proto carp from any to any 

ifconfig carp0 
carp0: flags=8843 mtu 1500 
        lladdr 00:00:5e:00:01:01 
        priority: 0 
        carp: carpdev em0 advbase 1 balancing ip-unicast 
                state BACKUP vhid 1 advskew 100 
                state BACKUP vhid 2 advskew 50 
                state MASTER vhid 3 advskew 0 
        groups: carp 
        status: backup 
        inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x4 
        inet 172.0.0.16 netmask 0xffff0000 broadcast 172.0.255.255 

On each node

Firewall disabled


tcpdump | grep CARP 
12:08:37.098390 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10] 
12:08:37.098533 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10] 
12:08:37.271021 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:37.271028 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:37.948303 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:37.948415 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:38.280916 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:38.280921 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:38.308264 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10] 
12:08:38.308395 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10] 
12:08:38.958201 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:38.958305 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:39.290790 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 
12:08:39.290808 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]

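Thanks for your help.

Answer 1

Check the source address of the CARP requests using the following tcpdump filter: tcpdump -pni em0 vrrp

After enabling the net.reversePathFwsCheckPromisc flag, you must disable and re-enable promiscuous mode for it to take effect.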

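Answer 2

Had the same problem. Oddly, I have some 1Gbit ESXi servers and some 10Gbit ESXi servers connected to different switches. Whenever I moved any OpenBSD (5.8) system onto a host with 10Gbit networking, these errors appeared in the logs. Following this article https://kb.vmware.com/s/article/59235 I did: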

esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1

Then I turned promiscuous mode off and back on for the interface, and everything worked fine.
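
To check a capture for the doubled advertisements visible in the question's tcpdump output, before and after changing the ESXi setting, the following is an added example (not code from either answer). It assumes the line format shown in the question; the 10 ms window and the function names are assumptions made for illustration.

```python
import re
import sys
from collections import defaultdict

# Matches tcpdump lines in the form shown in the question, with or without
# source/destination addresses between the timestamp and "CARPv2-advertise".
ADVERT = re.compile(
    r"(\d{2}):(\d{2}):(\d{2})\.(\d{6}).*?CARPv2-advertise.*?vhid=(\d+).*?advskew=(\d+)"
)

# First six lines of the capture posted in the question.
SAMPLE = [
    "12:08:37.098390 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10]",
    "12:08:37.098533 CARPv2-advertise 36: vhid=3 advbase=1 advskew=50 demote=0 (DF) [tos 0x10]",
    "12:08:37.271021 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]",
    "12:08:37.271028 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]",
    "12:08:37.948303 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]",
    "12:08:37.948415 CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]",
]

def parse(line):
    """Return (timestamp_us, vhid, advskew), or None for non-CARP lines."""
    m = ADVERT.search(line)
    if m is None:
        return None
    h, mi, s, us, vhid, skew = map(int, m.groups())
    return ((h * 60 + mi) * 60 + s) * 1_000_000 + us, vhid, skew

def find_duplicates(lines, window_us=10_000):
    """Map vhid -> gaps (microseconds) between adverts repeated within window_us.

    window_us is an assumed threshold: with advbase 1 a master advertises
    about once per second, so two adverts for one vhid a few hundred
    microseconds apart are most likely one frame delivered twice.
    """
    last, gaps = {}, defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, vhid, skew = rec
        prev = last.get((vhid, skew))
        if prev is not None and 0 <= ts - prev < window_us:
            gaps[vhid].append(ts - prev)
        last[(vhid, skew)] = ts
    return dict(gaps)

if __name__ == "__main__":
    # Read a saved capture from stdin when piped, otherwise use the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for vhid, g in sorted(find_duplicates(source).items()):
        print(f"vhid {vhid}: {len(g)} duplicated advertisement(s), gaps {g} us")
```

On the question's capture every vhid shows a repeat within 150 microseconds; a capture with no such repeats returns an empty result.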
