On Fri, May 21, 2010 at 12:22:10AM +0200, Reyk Floeter wrote: > > Linux's bonding module has an arp monitor which solves some of these > > problems, but the implementation is so hackish (as usual there...) that > > I'd rather not use it in production. arping and ifstated might do the > > same on openbsd, but I'm not sure if that will work when the interfaces > > are trunk ports. I'll need to check this when I have time. > > > > why not? trunk is just a "normal" ethernet interface. the monitoring should be done on the ports/slaves/child interfaces, not the trunk itself. I don't see why arping wouldn't work on those, either, but I haven't tested it.
> the linux bondage trick sounds hackish, but link detection protocols > like udld or bfd should help here on the ethernet level. many managed > switches support one of these protocols and i'd like to do this on the > openbsd side at some point to alter the link state based on optional > uni-/bidirectional link detection. This would be a pretty good "out of the box" solution. "end to end" monitoring with ifstated would still be useful especially on the end hosts, which can just (ar)ping the carp gateway and kick out interfaces that can't reach it. That would work against config mistakes (missing vlans) and all kinds of subtle switch failures. For the routers this is not so easy, they would need to ping an assortment of end hosts to get a really useful "end to end" check. And there is always relayd et al that solve the problem even better (in the cases where it can be used.)
