EuroBSDCon 2005 (NewsForge)
One presentation that stood out from the crowd was on "Building Robust Firewalls with OpenBSD and PF," by Ryan McBride. McBride talked about how to use CARP between two OpenBSD PF firewalls. To show that no traffic was dropped when one of the firewalls was rebooted, he played a song from a PC outside of the firewall. After rebooting and pulling cables to show the redundancy, McBride took the demonstration one step further. He asked someone from the audience to select a numbers of cables. He then took an axe from under the table and started to hack the selected cables -- giving the word "hacking" a whole new meaning. The song didn't miss a single beat, and the 200+ audience members applauded loudly."
Posted Jan 7, 2006 12:27 UTC (Sat)
by Los__D (guest, #15263)
[Link]
Posted Jan 7, 2006 19:15 UTC (Sat)
by einstein (subscriber, #2052)
[Link] (7 responses)
Posted Jan 7, 2006 19:24 UTC (Sat)
by danielthaler (guest, #24764)
[Link] (5 responses)
Read up on carp ;) On kerneltrap for example. With that kind of protocol it should be quite realistic. Besides, why fake it, when people could simply read the source and call him a liar later on?
Posted Jan 7, 2006 22:39 UTC (Sat)
by einstein (subscriber, #2052)
[Link] (4 responses)
Posted Jan 8, 2006 2:03 UTC (Sun)
by job (guest, #670)
[Link] (1 responses)
Posted Mar 17, 2006 22:09 UTC (Fri)
by msf023 (guest, #36547)
[Link]
Posted Jan 8, 2006 3:14 UTC (Sun)
by zblaxell (subscriber, #26385)
[Link]
My experience suggests that cleanly disconnected wire pairs are the trivial special case--wires that have been corroded, compressed, stretched, or otherwise damaged so that they are *almost* open or shorted, or have compromised signal integrity, but still work just enough for link detection in at least one direction, cause all kinds of really annoying problems that just get worse when there are dynamic failover systems in the mix.
I've had cables that would do interesting things like negotiate 100mbit-FD at one end and 100mbit-HD, 10mbit, or nothing at the other, until I cut off one end and re-crimped it. Other cables would carry short packets but get frame errors on long ones. This confuses simpler systems like ifplugd and "ip route add ... nexthop" ARP-based failover, because the cable works for the simple signal tests they are doing but fails to work for real live data packets.
I'd imagine that a number of these marginal-signal-quality cases might arise at various instants during molestation of the network cables with an axe.
On the other hand...
Standard CD-audio frames are 2352 bytes long and take 13.3ms to play. An Ethernet frame is 1500 bytes minus a bit of overhead and takes 8.5ms to play. Assuming a TCP connection carrying the data with a window size of 64K, the failover system has to recover *and* get an ACK packet through from the player to the audio source within 370ms of the first lost packet, or the audio player will run out of data. That's pretty easy to do with no buffering in the sound card at all (although since there is considerably more than 64K of buffer in both the sound driver and the TCP stack, you'd have to turn all those buffers off to produce this result in real life).
Now, if the demo involved streaming 192kbit/s Ogg data like the recent OpenBSD song, then one Ethernet frame takes 62.5ms to play, and a 64K TCP window needs to recover within 2.6 *seconds*. ARP-based failover can recover in that kind of time if you set the cache parameters low enough. And of course typical buffering will keep the music playing for much longer.
OTOH, if he's firing UDP audio packets through the firewall in real time with no ACK path, then then he's got a pretty impressive demo after all.
Posted Jan 9, 2006 9:04 UTC (Mon)
by jd (guest, #26381)
[Link]
However, I can tell you that sub-microsecond failover is certainly doable,
if it is either:
Hot Standby is what you'd use under any kind of "real world" scenario, but
if you plan on building a mach 20 aircraft, or want a probe that will
RELIABLY reach Mars or a comet, then you'd be better off mirroring the
connection as you really can't afford the latency in Hot Standby, and/or
can't go out there to physically debug the code if the stop/start hangs.
All depends on just what sort of system you're building.
Posted Mar 18, 2006 17:49 UTC (Sat)
by mcbride (guest, #36556)
[Link]
The audio is a 128kbps mp3 file played with mpg321, which doesn't have any buffering options. It's not streamed, it comes over the network on an NFSv3 mount (over TCP).
I never replay the same song in a demo, to avoid hitting filesystem cache, and the actual demo also includes unplugging ALL the firewall uplink cables on both firewalls... when I do that, the music stops essentially instantly. It's certainly less than a half-second of buffering.
This is all in partial failure situations however: network cables getting cut, graceful shutdown of the master firewall, etc. If you actually kill one of the firewalls, the failover takes a little longer, about 3 seconds. The session doesn't get killed, but the audio hangs until the backup takes over.
Poor man, sharing surname with the monster of Utah... :oEuroBSDCon 2005 (NewsForge)
I suspect the music stream was buffered at the client... still an impressive demo, but come now, let's be realistic...EuroBSDCon 2005 (NewsForge)
EuroBSDCon 2005 (NewsForge)
Disclaimer, I havent investigated carp specifically, but realistically I'd expect that sub-second failover is easily doable. Nevertheless I'd wager at 10 to 1 odds that the stream was buffered by the client.EuroBSDCon 2005 (NewsForge)
Packetization of an audio stream requires buffering by nature.EuroBSDCon 2005 (NewsForge)
Actually the demo uses mpg321 playing an mp3 file off of an NFS mount. EuroBSDCon 2005 (NewsForge)
There is no buffering to speak of. It's not a stream
It is somewhat impressive to me that all this allegedly works when someone takes an axe to the cables.EuroBSDCon 2005 (NewsForge)
Not sure how CARP works, either, and ucarp doesn't seem to be updated that
often, so I'm not keen on trying it.
EuroBSDCon 2005 (NewsForge)
"Hot Standby" (ie: nothing needs to be loaded or configured at the
time, although you do need to have some sort of start/stop operation)
Actually, there's essentially no buffering involved. No magic.EuroBSDCon 2005 (NewsForge)