Bug #2144
Virtual IPs are not correctly assigned when multiple HA pools are defined
Description
What is the correct way to define multiple subnets in rightsourceip when using in-memory HA pools ?
in ha.conf, I defined the following:
ha {
# Interval in seconds to automatically balance handled segments between
# nodes. Set to 0 to disable.
autobalance = 10
fifo_interface = yes
# heartbeat_delay = 1000
# heartbeat_timeout = 2100
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
local = 192.168.128.209
monitor = yes
pools {
wifi-pool-1 = 10.20.0.0/16
wifi-pool-2 = 10.21.0.0/16
wifi-pool-3 = 10.22.0.0/16
wifi-pool-4 = 10.23.0.0/16
}
remote = 192.168.128.208
resync = yes
# secret =
segment_count = 2
}
while in ipsec.conf, I defined the following:
rightsourceip=%wifi-pool-1,%wifi-pool-2,%wifi-pool-3,%wifi-pool-4
The same pools are used in two different connections, is that acceptable ?
I'm seeing a lot of these messages:
no address left in HA pool 'wifi-pool-1' belonging toa responsible segment no address left in HA pool 'wifi-pool-3' belonging toa responsible segment no address left in HA pool 'wifi-pool-2' belonging toa responsible segment
Which doesn't make sense, because for now we only have ~2500 clients connected. Also all addresses are assigned only from wifi-pool-4 subnet:
reserved address 10.23.4.130 in HA pool 'wifi-pool-4'
Am I doing something wrong ?
History
#1 Updated by Tobias Brunner almost 9 years ago
- File ha-pool.patch ha-pool.patch added
- Tracker changed from Issue to Bug
- Status changed from New to Feedback
What is the correct way to define multiple subnets in
rightsourceipwhen using in-memory HA pools ?
Your configuration looks reasonable to me. But it looks like there is a bug in handling multiple pools. After assigning an address from the first pool the code currently goes on to assign addresses from the other pools too and eventually returns the address allocated from the last pool. The addresses from the other pools are never released. Please try if the attached patch fixes this.
#2 Updated by Danny Kulchinsky almost 9 years ago
Tobias Brunner wrote:
What is the correct way to define multiple subnets in
rightsourceipwhen using in-memory HA pools ?Your configuration looks reasonable to me. But it looks like there is a bug in handling multiple pools. After assigning an address from the first pool the code currently goes on to assign addresses from the other pools too and eventually returns the address allocated from the last pool. The addresses from the other pools are never released. Please try if the attached patch fixes this.
Hi Tobias,
Just patched the system, seems like this solved the issue. All addresses are now being served from wifi-pool-1 in sequence and I don't see the "no address left in HA pool..." messages.
The problem is that once the 2nd node integrates into the cluster it causes the existing node to crash (after ~1 minute), and it's a dead cycle... they keep crashing one after the other until I stop one of them.
Please take a look at issue #2146 - I've included all the logs and details I could gather.
I'm afraid this could be somehow related to the fix from 1192-ha-half-open branch you suggested ?
#3 Updated by Danny Kulchinsky almost 9 years ago
Just wanted to confirm that the patch resolves the issue completely.
Thank you Tobias! Brilliant support as always :)
I noticed this was not pushed to 5.5.1, do you know which version will include this fix ?
#4 Updated by Tobias Brunner almost 9 years ago
- Subject changed from How to correctly define multiple rightsourceip subnets when using HA pools ? to Virtual IPs are not correctly assigned when multiple HA pools are defined
- Category set to libcharon
- Assignee set to Tobias Brunner
- Target version set to 5.5.2
- Resolution set to Fixed
Thanks for the tests. Queued up for the next release.
#5 Updated by Tobias Brunner over 8 years ago
- Status changed from Feedback to Closed
#6 Updated by Tobias Brunner over 8 years ago
- Category changed from libcharon to high availability (ha plugin)