From fd1d6426a2d05f521207c305d10b49fedd92c2df Mon Sep 17 00:00:00 2001 From: Petr Pavlu Date: Mon, 28 Feb 2022 09:27:42 +0100 Subject: [PATCH 1/4] IPaddr2: Allow to disable Duplicate Address Detection for IPv6 "Starting" an IPv6 address with IPaddr2 involves performing Duplicate Address Detection which typically takes at least 1000 ms. Allow the user to disable DAD if they can guarantee that the configured address is not duplicate and they wish to start the resource faster. --- heartbeat/IPaddr2 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 735dd7779..650392b70 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -88,6 +88,7 @@ OCF_RESKEY_arp_sender_default="" OCF_RESKEY_send_arp_opts_default="" OCF_RESKEY_flush_routes_default="false" OCF_RESKEY_run_arping_default=false +OCF_RESKEY_nodad_default=false OCF_RESKEY_noprefixroute_default="false" OCF_RESKEY_preferred_lft_default="forever" OCF_RESKEY_network_namespace_default="" @@ -110,6 +111,7 @@ OCF_RESKEY_network_namespace_default="" : ${OCF_RESKEY_send_arp_opts=${OCF_RESKEY_send_arp_opts_default}} : ${OCF_RESKEY_flush_routes=${OCF_RESKEY_flush_routes_default}} : ${OCF_RESKEY_run_arping=${OCF_RESKEY_run_arping_default}} +: ${OCF_RESKEY_nodad=${OCF_RESKEY_nodad_default}} : ${OCF_RESKEY_noprefixroute=${OCF_RESKEY_noprefixroute_default}} : ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}} : ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}} @@ -391,6 +393,14 @@ Whether or not to run arping for IPv4 collision detection check. + + +For IPv6, do not perform Duplicate Address Detection when adding the address. + +Use nodad flag + + + Use noprefixroute flag (see 'man ip-address'). @@ -662,6 +672,11 @@ add_interface () { msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface" fi + if [ "$FAMILY" = "inet6" ] && ocf_is_true "${OCF_RESKEY_nodad}"; then + cmd="$cmd nodad" + msg="${msg} (with nodad)" + fi + if ocf_is_true "${OCF_RESKEY_noprefixroute}"; then cmd="$cmd noprefixroute" msg="${msg} (with noprefixroute)" From f4a9e3281d48c5d37f5df593d014706c46ddb3a7 Mon Sep 17 00:00:00 2001 From: Petr Pavlu Date: Mon, 7 Mar 2022 17:21:59 +0100 Subject: [PATCH 2/4] IPaddr2: Allow to send IPv6 Neighbor Advertisements in background "Starting" an IPv6 address with IPaddr2 involves sending Neighbor Advertisement packets to inform neighboring machines about the new IP+MAC translation. By default, 5x packets with 200 ms sleep after each are sent which delays the start by 1000 ms. Allow the user to run this operation in background, similarly as is possible with GARP for IPv4. --- heartbeat/IPaddr2 | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 650392b70..e243a642d 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -83,7 +83,7 @@ OCF_RESKEY_unique_clone_address_default=false OCF_RESKEY_arp_interval_default=200 OCF_RESKEY_arp_count_default=5 OCF_RESKEY_arp_count_refresh_default=0 -OCF_RESKEY_arp_bg_default=true +OCF_RESKEY_arp_bg_default="" OCF_RESKEY_arp_sender_default="" OCF_RESKEY_send_arp_opts_default="" OCF_RESKEY_flush_routes_default="false" @@ -336,9 +336,10 @@ situations. -Whether or not to send the ARP packets in the background. +Whether or not to send the ARP (IPv4) or NA (IPv6) packets in the background. +The default is true for IPv4 and false for IPv6. -ARP from background +ARP/NA from background @@ -507,6 +508,9 @@ ip_init() { ocf_exit_reason "IPv4 does not support lvs_ipv6_addrlabel" exit $OCF_ERR_CONFIGURED fi + if [ -z "$OCF_RESKEY_arp_bg" ]; then + OCF_RESKEY_arp_bg=true + fi else FAMILY=inet6 # address sanitization defined in RFC5952 @@ -527,6 +531,9 @@ ip_init() { exit $OCF_ERR_CONFIGURED fi fi + if [ -z "$OCF_RESKEY_arp_bg" ]; then + OCF_RESKEY_arp_bg=false + fi fi # support nic:iflabel format in nic parameter @@ -893,6 +900,20 @@ run_arp_sender() { fi } +log_send_ua() { + local cmdline + local output + local rc + + cmdline="$@" + output=$($cmdline 2>&1) + rc=$? + if [ $rc -ne 0 ] ; then + ocf_log err "Could not send ICMPv6 Unsolicited Neighbor Advertisements: rc=$rc" + fi + ocf_log info "$output" + return $rc +} # # Run send_ua to note send ICMPv6 Unsolicited Neighbor Advertisements. @@ -930,7 +951,11 @@ run_send_ua() { ARGS="-i $OCF_RESKEY_arp_interval -c $OCF_RESKEY_arp_count $OCF_RESKEY_ip $NETMASK $NIC" ocf_log info "$SENDUA $ARGS" - $SENDUA $ARGS || ocf_log err "Could not send ICMPv6 Unsolicited Neighbor Advertisements." + if ocf_is_true $OCF_RESKEY_arp_bg; then + log_send_ua $SENDUA $ARGS & + else + log_send_ua $SENDUA $ARGS + fi } # Do we already serve this IP address on the given $NIC? From c8afb43012c264f3ee24013a92b2a2f3566db2fd Mon Sep 17 00:00:00 2001 From: Petr Pavlu Date: Tue, 8 Mar 2022 12:35:56 +0100 Subject: [PATCH 3/4] IPaddr2: Log 'ip addr add' options together Change the log message in add_interface() from "Adding ... (with ) (with )" to "Adding ... (with )". --- heartbeat/IPaddr2 | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index e243a642d..dca1b6f5b 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -651,7 +651,7 @@ delete_interface () { # Add an interface # add_interface () { - local cmd msg ipaddr netmask broadcast iface label + local cmd msg extra_opts ipaddr netmask broadcast iface label ipaddr="$1" netmask="$2" @@ -679,23 +679,24 @@ add_interface () { msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface" fi + extra_opts="" if [ "$FAMILY" = "inet6" ] && ocf_is_true "${OCF_RESKEY_nodad}"; then - cmd="$cmd nodad" - msg="${msg} (with nodad)" + extra_opts="$extra_opts nodad" fi if ocf_is_true "${OCF_RESKEY_noprefixroute}"; then - cmd="$cmd noprefixroute" - msg="${msg} (with noprefixroute)" + extra_opts="$extra_opts noprefixroute" fi if [ ! -z "$label" ]; then - cmd="$cmd label $label" - msg="${msg} (with label $label)" + extra_opts="$extra_opts label $label" fi if [ "$FAMILY" = "inet6" ] ;then - cmd="$cmd preferred_lft $OCF_RESKEY_preferred_lft" - msg="${msg} (with preferred_lft $OCF_RESKEY_preferred_lft)" + extra_opts="$extra_opts preferred_lft $OCF_RESKEY_preferred_lft" + fi + if [ -n "$extra_opts" ]; then + cmd="$cmd$extra_opts" + msg="$msg (with$extra_opts)" fi ocf_log info "$msg" From cb4d52ead694718282a40eab24e04b6d85bcc802 Mon Sep 17 00:00:00 2001 From: Petr Pavlu Date: Mon, 7 Mar 2022 17:25:02 +0100 Subject: [PATCH 4/4] IPaddr2: Clarify behavior of 'arp_*' parameters for IPv4 and IPv6 * Mention that 'arp_*' parameters are shared by the IPv4 and IPv6 code. * Clarify description of these parameters and mark which of them apply only to IPv4. --- heartbeat/IPaddr2 | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index dca1b6f5b..97a7431a2 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -157,6 +157,12 @@ and/or clone-max < number of nodes. In case of node failure, clone instances need to be re-allocated on surviving nodes. This would not be possible if there is already an instance on those nodes, and clone-node-max=1 (which is the default). + +When the specified IP address gets assigned to a respective interface, the +resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA +(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the +change. This functionality is controlled for both IPv4 and IPv6 by shared +'arp_*' parameters. Manages virtual IPv4 and IPv6 addresses (Linux specific version) @@ -306,28 +312,30 @@ a unique address to manage -Specify the interval between unsolicited ARP packets in milliseconds. +Specify the interval between unsolicited ARP (IPv4) or NA (IPv6) packets in +milliseconds. This parameter is deprecated and used for the backward compatibility only. It is effective only for the send_arp binary which is built with libnet, and send_ua for IPv6. It has no effect for other arp_sender. -ARP packet interval in ms (deprecated) +ARP/NA packet interval in ms (deprecated) -Number of unsolicited ARP packets to send at resource initialization. +Number of unsolicited ARP (IPv4) or NA (IPv6) packets to send at resource +initialization. -ARP packet count sent during initialization +ARP/NA packet count sent during initialization -Number of unsolicited ARP packets to send during resource monitoring. Doing -so helps mitigate issues of stuck ARP caches resulting from split-brain +For IPv4, number of unsolicited ARP packets to send during resource monitoring. +Doing so helps mitigate issues of stuck ARP caches resulting from split-brain situations. ARP packet count sent during monitoring @@ -345,7 +353,7 @@ The default is true for IPv4 and false for IPv6. -The program to send ARP packets with on start. Available options are: +For IPv4, the program to send ARP packets with on start. Available options are: - send_arp: default - ipoibarping: default for infiniband interfaces if ipoibarping is available - iputils_arping: use arping in iputils package @@ -357,7 +365,7 @@ The program to send ARP packets with on start. Available options are: -Extra options to pass to the arp_sender program. +For IPv4, extra options to pass to the arp_sender program. Available options are vary depending on which arp_sender is used. A typical use case is specifying '-A' for iputils_arping to use @@ -388,7 +396,7 @@ IP address goes away. -Whether or not to run arping for IPv4 collision detection check. +For IPv4, whether or not to run arping for collision detection check. Run arping for IPv4 collision detection check