rama at pitties
Dec 11, 2003, 11:48 AM
Wackamole problem with arp cache on firewall/gateway
Hello Wackamole users,

I have two servers (one is RHL 9.0 and one is RHL 7.3) and am using wackamole 2.0.0 and spread 3.17.1. Each server has 3 NICs. I have configured a single virtual IP on eth0. Everything works perfectly, except my firewall/gateway arp cache does not get updated. My firewall is not running Wackamole, but I thought the Notify part of wackamole would tell my firewall to refresh its arp cache. If I manually delete the arp entry in my firewall, everything works after wackamole changes the owner of my virtual IP. Actually, only the two machines running wackamole seem to have good arp caches. Every other machine (Solaris) on my subnet has a stale arp entry.

Here is my conf (with the IPs changed to protect the guilty):

    # The Spread daemon we are going to connect to. It should be on the local box
    Spread = 4803
    SpreadRetryInterval = 5s

    # The group name
    Group = wack1

    # Named socket for online control
    Control = /var/run/wack.it

    # Denote the interface we prefer to have
    #prefer eth0:10.3.4.5/8
    #prefer { eth0:10.2.3.4/8 eth1:192.168.10.23/24 }
    # In most cases, I just don't care. Let wackamole decide.
    # If both servers are working, this server should have the virtual IP
    Prefer { eth0:10.10.10.25/32 }

    # List all the virtual interfaces (ALL of them)
    VirtualInterfaces {
        # The following two lines have the same effect
        # en0:192.168.1.2/24
        { eth0:10.10.10.25/32 }
        # This is how you say 2 or more IPs are to be treated as a single
        # "set" or "virtual interface". If wackamole decides that this
        # machine will manage it, you are ensured to get ALL the ips in the
        # set.
        # { en1:10.0.0.1/8 en0:192.168.35.64/26 }
    }

    # Collect and broadcast the IPs in our ARP table every so often
    Arp-Cache = 90s

    # List who we will notify
    # Here the netblock (/24 or /28) can be deceptive. It is NOT a netmask
    # for a single IP. It is how one will describe that they want to
    # notify ALL IPs in a segment.
    Notify {
        # Let's notify our router:
        # ***** My firewall, 10.10.10.1's arp cache becomes stale, this is my problem **********
        eth0:10.10.10.1/32
        # Notify our DB server on eth1
        eth1:10.10.11.5/32
        # 10.0.0.0 -> 10.0.0.255, but only 128 notifications/sec
        eth0:10.10.10.0/24 throttle 128
        # ***** apparently this doesn't fix stale arp caches either on solaris boxes on my subnet *******
        # Wackamole shares arp-cache across machines, this says to
        # notify every IP address in the aggregate shared arp-cache.
        arp-cache
    }

    balance {
        # This field is the maximum number of IP addresses that will move
        # from one wackamole to another during a round of balancing.
        AcquisitionsPerRound = all
        # Time interval in each balancing round.
        interval = 4s
    }

    # How long it takes us to mature
    mature = 5s

Thank you,
-Rama McIntosh
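A check for the symptom described above, added here as an example and not part of the original post or of wackamole itself: it parses ARP tables collected from neighbours (`arp -an` on Linux, `arp -a` on Solaris, `ip neigh`) and reports every host whose cache still maps the VIP to a MAC other than the current owner's, which is the quickest way to tell which hosts the Notify announcements reached after a failover. The MAC addresses and the captured tables are constructed for the example.

```python
import re
from typing import Dict, Optional

VIP = "10.10.10.25"            # the virtual IP from the post
NEW_MAC = "00:0c:29:aa:bb:01"  # assumed: MAC of the node that now owns the VIP
OLD_MAC = "00:0c:29:aa:bb:02"  # assumed: MAC of the previous owner

# Constructed ARP tables captured on neighbours after the failover.
SAMPLE_TABLES = {
    "wack-node-2 (arp -an)": (
        "? (10.10.10.25) at 00:0c:29:aa:bb:01 [ether] on eth0\n"
        "? (10.10.10.1) at 00:50:56:c0:00:08 [ether] on eth0\n"),
    "solaris-db (arp -a)": (
        "Net to Media Table: IPv4\n"
        "Device   IP Address               Mask      Flags   Phys Addr\n"
        "------ -------------------- --------------- ----- ---------------\n"
        "hme0   10.10.10.25          255.255.255.255       0:c:29:aa:bb:2\n"
        "hme0   10.10.10.1           255.255.255.255       0:50:56:c0:0:8\n"),
    "firewall (ip neigh)": "10.10.10.30 dev eth1 lladdr 00:50:56:11:22:33 REACHABLE\n",
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})\b", re.I)

def normalize_mac(mac: str) -> str:
    """Zero-pad each octet so Solaris '0:c:29:..' compares equal to '00:0c:29:..'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> MAC for every line carrying both; header lines are skipped.
    The first dotted quad on a line is the address (Solaris prints the mask after it)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = normalize_mac(mac.group(1))
    return table

def stale_entries(tables: Dict[str, str], vip: str, owner_mac: str) -> Dict[str, Optional[str]]:
    """Return {host: mac_seen} for hosts whose cache does not map the VIP to the
    current owner; mac_seen is None when the host has no entry for the VIP at all
    (its next ARP request will fetch the right answer, so that case is not stale)."""
    want = normalize_mac(owner_mac)
    report: Dict[str, Optional[str]] = {}
    for host, text in tables.items():
        seen = parse_arp_table(text).get(vip)
        if seen != want:
            report[host] = seen
    return report
```

Run it against real captures by feeding each host's command output into `SAMPLE_TABLES` in place of the constructed strings.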