{"id":2798,"date":"2017-11-26T20:53:12","date_gmt":"2017-11-26T19:53:12","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=2798"},"modified":"2017-11-27T10:46:07","modified_gmt":"2017-11-27T09:46:07","slug":"ucarp-and-vmware-esxi","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2017\/11\/ucarp-and-vmware-esxi\/","title":{"rendered":"ucarp and vmware esxi"},"content":{"rendered":"<p>i&#8217;ve moved a linux router from 9yo physical box to a vm running under esxi 6.5. it&#8217;s a designated master in pair of master \/ slave managed by <a href=\"https:\/\/www.pureftpd.org\/project\/ucarp\">ucarp<\/a>. it took me a while to figure out why it was not working &#8211; why didn&#8217;t the slave &#8216;see&#8217; the master machine? <\/p>\n<p>as it turned out the broadcast packets generated by master did not reach a slave machine, actually they never reached even a physical network card of the vmware server hosting the master node. i had to go to the network settings > vswitch and in security options select <i>accept<\/i> for <i>forged transmits<\/i>. after that the vrrp broadcast packets reached the physical network segment and via it the earlier virtualised designated slave router. <\/p>\n<p>why is that needed? UCARP sends &#8216;alive&#8217; packets with spoofed source MAC address of 0x:00:5e:xx:xx:xx, and vmware &#8211; by default &#8211; does not pass from hosts to the network frames with not-assigned ARP addresses<\/p>\n<p><a href=\"https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2017\/11\/ucarp-cap.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2017\/11\/ucarp-cap.png\" alt=\"\" width=\"722\" height=\"267\" class=\"alignnone size-full wp-image-2809\" srcset=\"https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2017\/11\/ucarp-cap.png 722w, https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2017\/11\/ucarp-cap-300x111.png 300w\" sizes=\"auto, (max-width: 722px) 100vw, 722px\" \/><\/a><\/p>\n<p>Source MAC selection is in <a href=\"https:\/\/github.com\/jedisct1\/UCarp\/blob\/5483e3c557e1381dfa392a6928b13ff73a774311\/src\/carp.c#L248\">carp.c<\/a>. It&#8217;s not a whim of UCARP&#8217;s author but rather part of <a href=\"https:\/\/tools.ietf.org\/html\/rfc5798#section-7.3\">VRRP spec<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>i&#8217;ve moved a linux router from 9yo physical box to a vm running under esxi 6.5. it&#8217;s a designated master in pair of master \/ slave managed by ucarp. it took me a while to figure out why it was not working &#8211; why didn&#8217;t the slave &#8216;see&#8217; the master machine? as it turned out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,51],"tags":[76,47],"class_list":["post-2798","post","type-post","status-publish","format-standard","hentry","category-tech","category-unimportant","tag-esxi","tag-linux-networking"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=2798"}],"version-history":[{"count":8,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2798\/revisions"}],"predecessor-version":[{"id":2810,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2798\/revisions\/2810"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=2798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=2798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=2798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}