Home / user-373333

user373333's questions

Martin Hope
user373333
Asked: 2016-12-21 05:09:09 +0800 CST
  • 10

Is there a way for a keepalived to send gratuitous ARP periodically?

We had following situation:

  1. switch failure (VLAN setup)
  2. keepalived failovered to backup instance
  3. backup instance sent gratuitous ARP but Cisco ASA device didn't got it (because of switch failure)
  4. when switch was recovered (few minutes later) VIPs were unaccessible cause ASA did not refresh the ARP table (ARP table expiry is set to 4h)
  5. as ASA already had the MACs from previously active node it didn't sent ARP request
  6. VIP were unaccessible until we restarted the keepalived instance what initiated new GARP

So, we think that we could avoid this situation with periodical GARPs. Is this a good approach and is there a way to do it within keepalived?

Any other suggestions to avoid this kind of issues?

Keepalived config:

global_defs {
   notification_email {
     [email protected]
   }

   notification_email_from SERVER_1
   smtp_server smtp.server.local
   smtp_connect_timeout 30
   router_id SERVER_1
}

vrrp_instance V1 {
    state BACKUP
    nopreempt
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 150
    priority 120
    advert_int 1
    persistence_timeout 0
    smtp_alert

    authentication {
        auth_type PASS
        auth_pass xxx
    }

    virtual_ipaddress {
    10.xxx.xxx.xxx
    }
}
arp high-availability failover linux-networking keepalived
Martin Hope
user373333
Asked: 2016-09-01 10:25:43 +0800 CST
  • 0

I have a situation where I want to receive UDP traffic on two different ports on the same machine (two different services) and would like to avoid double sending of data.

So, this is the idea:

(rsyslog client) ----(network)---> (10540 rsyslog and 11540 logstash)

rsyslog and logstash are on the same machine.

I need something in front of those two services that could serve them both with the same data. Ideally this would be located on the same machine as mentioned services. Something like L4 balancer that can send all data to multiple destinations or some kind of port mirroring mechanism. Or anything else that could serve the purpose.

The reason for this is that I'm collecting linux audit logs, and want to save some of them to Graylog (using logstash) and other to the filesystem. I've tried to do that with logstash but it messes with format of logs stored on disk and they are not readable for aureport, ausearch and ausummary tools.

Haven't found a way to fix the format whitin logstash to be readable by those tools.

I'm using CentOS7. I don't have access to network devices.

Thanks for your suggestions.

linux centos7 rsyslog linux-networking logstash