On Thu, 2007-02-15 at 23:08 +0000, Graeme Fowler wrote:
> Don't use IPSEC authentication for your VRRP packets. As far as I
> recall, the algorithm was (and may still be) broken. Try it with no auth
> at all and see what happens.
Tried that. IPSec auth. Plain auth. No auth. The results are the same,
sadly.
> If you're worried about predictive packet injection knocking the pants
> off of your VRRP instances, change the mcast_src_ip to something only
> you know, and then firewall the heck out of stuff arriving to the VRRP
> multicast address such that only the two known sources can talk to each
> other.
tcpdump didn't show any other mcast traffic, and this will all be
internal behind a firewall, so I'm not worried about someone hijacking
things. I'll turn the auth down to simple just to remove the possibility
of problems later. Thanks.
> Graeme
--
Sal Tepedino <stepedino@xxxxxxxxxxxxxx>
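
The source restriction suggested in the quoted reply, written as a check over captured VRRPv2 advertisements. This is an added example, not part of the original mail and not keepalived code; the peer addresses, virtual IP, VRID and sample packet are constructed, and the checksum field is left unverified.

```python
import struct
from ipaddress import IPv4Address

VRRP_GROUP = "224.0.0.18"                       # VRRP multicast group (IP protocol 112)
AUTH_NAMES = {0: "none", 1: "simple", 2: "ah"}  # auth type field values, RFC 2338

def parse_vrrp2(payload):
    """Parse a VRRPv2 advertisement (IP payload only, no IP header)."""
    if len(payload) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    vt, vrid, prio, count, auth, _adv, _csum = struct.unpack("!BBBBBBH", payload[:8])
    if vt >> 4 != 2 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if len(payload) < 8 + 4 * count + 8:        # header + addresses + auth data
        raise ValueError("truncated address list")
    vips = [str(IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio,
            "auth": AUTH_NAMES.get(auth, "unknown"), "vips": vips}

def check_advert(src, dst, ttl, payload, peers, expected_auth):
    """Return the reasons to distrust an advertisement (empty list = accepted)."""
    findings = []
    if dst != VRRP_GROUP:
        findings.append("not addressed to the VRRP group")
    if ttl != 255:                              # receivers must discard TTL != 255
        findings.append("TTL is not 255")
    if src not in peers:
        findings.append(f"unexpected source {src}")
    try:
        adv = parse_vrrp2(payload)
    except ValueError as exc:
        return findings + [str(exc)]
    if adv["auth"] != expected_auth:
        findings.append(f"auth type {adv['auth']}, expected {expected_auth}")
    return findings

# Constructed sample data: two known routers and one advertisement with
# VRID 51, priority 100, one virtual IP, simple auth, checksum zeroed.
PEERS = {"10.0.0.1", "10.0.0.2"}
SAMPLE = (bytes([0x21, 51, 100, 1, 1, 1, 0, 0])
          + IPv4Address("192.0.2.10").packed + b"secret\0\0")

if __name__ == "__main__":
    print(check_advert("10.0.0.1", VRRP_GROUP, 255, SAMPLE, PEERS, "simple"))
    print(check_advert("10.0.0.99", VRRP_GROUP, 255, SAMPLE, PEERS, "simple"))
```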