Mailing List Archive: mod_backhand: Wackamole

arp problems

Index | Next | Previous | View Threaded

pxfabri at yahoo

Dec 24, 2001, 12:43 AM

Post #1 of 7 (1437 views)
Permalink

arp problems

Hello,some arp problems in my small test lan.
I have installed on two pc's (One K6 300, the other
486 Dx2 50 Mhz) the wackamole sw.(and spread) in order
to make some tests.
The Lan is built on bnc 10 Mbit ne2000 isa cards.
Wackamole is configured on both the machines to share
a single ip (192.168.0.151), the machines have real ip
192.168.0.2 and 192.168.0.3.
When the shared ip is on the 486 old machine and I
turn up the k6 the ip "goes" on this k6, why? Is the
load balancing based on the "power" of the machine?
How does the Load Balancing works?
Another question, when I turn down the k6, the ip
"goes" to the 486, so thats right but from the other
machines on the lan I cannot ping it,I always have to
delete arp on the 486.
I do the command "arp -ad" on the 486 and all works
fine, Is that because my 486 is an old machine?
On this two machine the o.s. is FreeBSD 4.3.
Any help?
Thanks bye

______________________________________________________________________

Iscriviti al Meglio della Settimana, la newsletter di Yahoo!
Per saperne di più vai alla pagina: http://it.docs.yahoo.com/buongiorno.html

jesus at omniti

Dec 26, 2001, 8:06 AM

Post #2 of 7 (1378 views)
Permalink

arp problems [In reply to]

On Monday, December 24, 2001, at 02:43 AM, fabrizio ravazzini wrote:
> Hello,some arp problems in my small test lan.
> I have installed on two pc's (One K6 300, the other
> 486 Dx2 50 Mhz) the wackamole sw.(and spread) in order
> to make some tests.
> The Lan is built on bnc 10 Mbit ne2000 isa cards.
> Wackamole is configured on both the machines to share
> a single ip (192.168.0.151), the machines have real ip
> 192.168.0.2 and 192.168.0.3.

> When the shared ip is on the 486 old machine and I
> turn up the k6 the ip "goes" on this k6, why? Is the

Because of its order in the Spread group. It has nothing to do with the
power of the machine.

> load balancing based on the "power" of the machine?
> How does the Load Balancing works?

There is no load balancing going on at all. Wackamole is not a load
balancer. It is only an IP availability tool.

> Another question, when I turn down the k6, the ip
> "goes" to the 486, so thats right but from the other
> machines on the lan I cannot ping it,I always have to
> delete arp on the 486.
> I do the command "arp -ad" on the 486 and all works
> fine, Is that because my 486 is an old machine?
> On this two machine the o.s. is FreeBSD 4.3.
> Any help?

It will work right from out side. Wackamole will arp spoof to your
gateway. We found that broadcast arp spoofing didn't "fool" machines on
the LAN anyway. If someone knows how to do this better than we are
doing it now, I am all ears.

So, your router "knows" you new IP address so, people from the outside
coming in will hit the machine.

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

pxfabri at yahoo

Dec 27, 2001, 8:33 AM

Post #3 of 7 (1372 views)
Permalink

arp problems [In reply to]

Thanks for reply,

> > load balancing based on the "power" of the
> machine?
> > How does the Load Balancing works?
>
> There is no load balancing going on at all.
> Wackamole is not a load
> balancer. It is only an IP availability tool.

But in the file wackamole.conf there are some lines
for balancing (balance rate 1,balance timer seconds
10,Complete Balance 2) what are they for?

> It will work right from out side. Wackamole will
> arp spoof to your
> gateway. We found that broadcast arp spoofing
> didn't "fool" machines on
> the LAN anyway. If someone knows how to do this
> better than we are
> doing it now, I am all ears.
>
> So, your router "knows" you new IP address so,
> people from the outside
> coming in will hit the machine.

If my two machines are the gateway that I want it to
be high available, between the router and the Lan, is
there a way to make that the machines of the Lan use
the same virtual ip for the gateway?
this the scheme:

___Nat1_____ Virtual ip
Internet----Router--| \_________________LAN
\___Nat2_____/

I would like Nat1,Nat2(nat-firewalls) be high
available for the Lan.

Thanks, best regards
Fabrizio

______________________________________________________________________

Iscriviti al Meglio della Settimana, la newsletter di Yahoo!
Per saperne di più vai alla pagina: http://it.docs.yahoo.com/buongiorno.html

pxfabri at yahoo

Dec 27, 2001, 8:33 AM

Post #4 of 7 (1385 views)
Permalink

arp problems [In reply to]

jesus at omniti

Dec 27, 2001, 9:19 AM

Post #5 of 7 (1383 views)
Permalink

arp problems [In reply to]

On Thursday, December 27, 2001, at 10:33 AM, fabrizio ravazzini wrote:
> But in the file wackamole.conf there are some lines
> for balancing (balance rate 1,balance timer seconds
> 10,Complete Balance 2) what are they for?

When you have 5 machines covering 10 IP addresses, wackamole will
attempt to balance the number of acquired IP addresses on each machine.
"Equalization" is another way of thinking about it. It isn't _load_
balancing, it is IP address balancing.

That rate describes how quickly a new machine will acquire it's IP
address if it will eventually acquire more than one. I can prevent a
single machine from coming up and acquiring several IPs at once.

> If my two machines are the gateway that I want it to
> be high available, between the router and the Lan, is
> there a way to make that the machines of the Lan use
> the same virtual ip for the gateway?
> this the scheme:
>
> ___Nat1_____ Virtual ip
> Internet----Router--| \_________________LAN
> \___Nat2_____/
>
>
> I would like Nat1,Nat2(nat-firewalls) be high
> available for the Lan.

Hmm... that would actually take some code modifications. I will think
about that some more and come up with a solution. I guess ARP
broadcasting wouldn't hurt anything, but I found in my tests that it was
almost useless.

I think the "correct" thing to do here is to have all of the machines
(Nat1 and Nat2) publish their arp tables every few seconds. Then when
one goes down, we ARP spoof to all of the unique IPs in the ARP table.
Anyone have any comment on this or why my ARP spoof broadcasts are
ignored by BSD and Linux?

On a Sun, the "right" thing to do would be to have the new VIP holder
assume the old VIP holders MAC address. That is easy to do no a Sun,
but not so easy on a PC.

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

yairamir at cnds

Dec 27, 2001, 9:24 AM

Post #6 of 7 (1369 views)
Permalink

arp problems [In reply to]

Hi,

Another solution might be to arp to each local machine specifically
instead of the ignored broadcast. To do that, each machine will need
to know about all of the other machines.

:) Yair.

Theo Schlossnagle wrote:
>
> On Thursday, December 27, 2001, at 10:33 AM, fabrizio ravazzini wrote:
> > But in the file wackamole.conf there are some lines
> > for balancing (balance rate 1,balance timer seconds
> > 10,Complete Balance 2) what are they for?
>
> When you have 5 machines covering 10 IP addresses, wackamole will
> attempt to balance the number of acquired IP addresses on each machine.
> "Equalization" is another way of thinking about it. It isn't _load_
> balancing, it is IP address balancing.
>
> That rate describes how quickly a new machine will acquire it's IP
> address if it will eventually acquire more than one. I can prevent a
> single machine from coming up and acquiring several IPs at once.
>
> > If my two machines are the gateway that I want it to
> > be high available, between the router and the Lan, is
> > there a way to make that the machines of the Lan use
> > the same virtual ip for the gateway?
> > this the scheme:
> >
> > ___Nat1_____ Virtual ip
> > Internet----Router--| \_________________LAN
> > \___Nat2_____/
> >
> >
> > I would like Nat1,Nat2(nat-firewalls) be high
> > available for the Lan.
>
> Hmm... that would actually take some code modifications. I will think
> about that some more and come up with a solution. I guess ARP
> broadcasting wouldn't hurt anything, but I found in my tests that it was
> almost useless.
>
> I think the "correct" thing to do here is to have all of the machines
> (Nat1 and Nat2) publish their arp tables every few seconds. Then when
> one goes down, we ARP spoof to all of the unique IPs in the ARP table.
> Anyone have any comment on this or why my ARP spoof broadcasts are
> ignored by BSD and Linux?
>
> On a Sun, the "right" thing to do would be to have the new VIP holder
> assume the old VIP holders MAC address. That is easy to do no a Sun,
> but not so easy on a PC.
>
> --
> Theo Schlossnagle
> 1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
> 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
>
> _______________________________________________
> wackamole-users mailing list
> wackamole-users [at] lists
> http://lists.backhand.org/mailman/listinfo/wackamole-users

pxfabri at yahoo

Dec 28, 2001, 6:18 AM

Post #7 of 7 (1397 views)
Permalink

arp problems [In reply to]

Ok, thanks for help, I'll look for some new features.
Or I'll try to modify the code ( ups!! seems
difficult :) )
Best regards.

--- Theo Schlossnagle <jesus [at] omniti> ha scritto:
>
> On Thursday, December 27, 2001, at 10:33 AM,
> fabrizio ravazzini wrote:
> > But in the file wackamole.conf there are some
> lines
> > for balancing (balance rate 1,balance timer
> seconds
> > 10,Complete Balance 2) what are they for?
>
> When you have 5 machines covering 10 IP addresses,
> wackamole will
> attempt to balance the number of acquired IP
> addresses on each machine.
> "Equalization" is another way of thinking about it.
> It isn't _load_
> balancing, it is IP address balancing.
>
> That rate describes how quickly a new machine will
> acquire it's IP
> address if it will eventually acquire more than one.
> I can prevent a
> single machine from coming up and acquiring several
> IPs at once.
>
> > If my two machines are the gateway that I want it
> to
> > be high available, between the router and the Lan,
> is
> > there a way to make that the machines of the Lan
> use
> > the same virtual ip for the gateway?
> > this the scheme:
> >
> > ___Nat1_____ Virtual ip
> > Internet----Router--|
> \_________________LAN
> > \___Nat2_____/
> >
> >
> > I would like Nat1,Nat2(nat-firewalls) be high
> > available for the Lan.
>
> Hmm... that would actually take some code
> modifications. I will think
> about that some more and come up with a solution. I
> guess ARP
> broadcasting wouldn't hurt anything, but I found in
> my tests that it was
> almost useless.
>
> I think the "correct" thing to do here is to have
> all of the machines
> (Nat1 and Nat2) publish their arp tables every few
> seconds. Then when
> one goes down, we ARP spoof to all of the unique IPs
> in the ARP table.
> Anyone have any comment on this or why my ARP spoof
> broadcasts are
> ignored by BSD and Linux?
>
> On a Sun, the "right" thing to do would be to have
> the new VIP holder
> assume the old VIP holders MAC address. That is
> easy to do no a Sun,
> but not so easy on a PC.
>
> --
> Theo Schlossnagle
> 1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88
> 364C 8284 4984
> 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F
> BE 27 24 E7
>
>
> _______________________________________________
> wackamole-users mailing list
> wackamole-users [at] lists
>
http://lists.backhand.org/mailman/listinfo/wackamole-users

______________________________________________________________________

Iscriviti al Meglio della Settimana, la newsletter di Yahoo!
Per saperne di più vai alla pagina: http://it.docs.yahoo.com/buongiorno.html

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads