2

I have two firewalls running Keepalived and working OK. I would like to pass the VRRP multicast traffic over a direct back-to-back link between those firewalls (that direct link is already used by conntrackd).

In order to do that, I added a route like this:

224.0.0.0 * 240.0.0.0 U 0 0 0 eth3

using the command:

route add -net 224.0.0.0 netmask 240.0.0.0 dev eth3

But if I type iftop -i eth0 -f vrrp, I can still see multicast traffic on that link and no VRRP traffic at all on eth3...

Any idea why my route is ignored?

Regards,

1 Answer

3

The VRRP multicast traffic MUST be sent on the interface that vrrpd tracks, otherwise a failure of that network MAY go undetected (you're not only tracking the up/down status of the other host(s), but also their network connectivity).

If your setup is similar to the following:

A - s1 - s2 - B
|             |
+-------------+

how would you (using the direct link between A and B) detect that the link between S1 and S2 (switches, in this case) goes down?

Vatine
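The answer's argument as a small simulation (an added example, not part of the original answer): it models the links in the diagram and compares VRRP advertisements sent on the LAN side with advertisements sent on the direct link when the s1-s2 link fails. It assumes A is the master and B promotes itself only when A's advertisements stop arriving; the node names follow the diagram and the function names are hypothetical.

```python
from collections import deque

# Constructed topology taken from the diagram in the answer.
LAN = [("A", "s1"), ("s1", "s2"), ("s2", "B")]   # eth0 side, through the switches
DIRECT = [("A", "B")]                             # eth3 back-to-back link


def reachable(start, links, failed=()):
    """Nodes reachable from start over the given links, minus failed ones."""
    down = {frozenset(link) for link in failed}
    up = [link for link in links if frozenset(link) not in down]
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for a, b in up:
            if node in (a, b):
                peer = b if node == a else a
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
    return seen


def masters(vrrp_links, failed=()):
    """Assumption: A is master; B takes over only when it stops hearing A."""
    b_hears_a = "B" in reachable("A", vrrp_links, failed)
    return {"A"} if b_hears_a else {"A", "B"}


def switches_without_gateway(vrrp_links, failed=()):
    """Switches whose attached hosts cannot reach any firewall in master state."""
    active = masters(vrrp_links, failed)
    return sorted(sw for sw in ("s1", "s2")
                  if not active & reachable(sw, LAN, failed))


if __name__ == "__main__":
    cut = [("s1", "s2")]
    # VRRP on the tracked LAN: B stops hearing A and takes over its side.
    print("VRRP on LAN   :", switches_without_gateway(LAN, cut))
    # VRRP on the direct link: B still hears A, so s2 is left without a gateway.
    print("VRRP on direct:", switches_without_gateway(DIRECT, cut))
```
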