Hello Bruno,
> It seems that keepalived's VRRP framework, while working really well for me,
> doesn't implement real VRRP failover,
I would have said: Doesn't support MAC address takeover :)
> as it doesn't configure the kernel to
> use VMACs but instead creates virtual IP on interfaces.
If it could use virtual interface with a configured MAC, then it would use
:). But since Linux Kernel doesn't support MAC address specification
administratively, VRRP framework cannot support VMAC to provide MAC address
takeover.
Julian provided some time ago an iparp patch that was a set of netlink rules
to reply to ARP requests on director VIP. Since ARP reply part works nice,
this should be linked with upper layer to handle VMAC support over TCP/UDP
stream, not only ARP request handling. Anyway this iparp patch is very nice
since it is very useful for fake firewall configuration (I liked it :))
> How could we use real VRRP failover, in order to avoid using gratuitous ARP
> / ARP cache updates, and provide better and faster failover ?
IMHO, and after many discussions with Julian, MAC address takeover is a
little cosmetic. Keep in mind that even if we use MAC address takeover,
gratuitous ARP should be sent on the wire in order to update remote
networking equipment anyway (rfc2338.8.2). But modern networking equipment
handle pretty well MAC cache update... This is why I have decided on my
side to not spend time on this part since VMAC support kernel patch would
only be cosmetic IMHO. OTOH, I really don't think that VMAC would provide
"better & faster failover".
My validate time is very short, trying to support the community the best I
can... so when you have short time you need to cut down / delay some
cosmetic part to keep focused on real functionalities.
Best regards,
Alexandre