餱ȥƥȤͫݵ

⤷ƤȤɽεϿøȽ񤯡

FreeBSD

The third redundancy protocol: CARP

CARP (Common Address Redundancy Protocol) is a failover redundancy protocol that originated in OpenBSD. Cisco Systems' HSRP and VRRP do the same job. Why are there three protocols for one purpose? In short, the differences are roughly these:

  • HSRP: Cisco Systems' patented protocol.
  • VRRP: was meant to be a patent-free HSRP, but apparently parts of it turned out to be covered by patents anyway.
  • CARP: implemented with the aim of being completely patent-free.

Now, on FreeBSD there appear to be two CARP implementations, one in userland and one in the kernel. The userland one is UCARP, which (probably) sits in the same place as freevrrpd. This time the experiment uses the latter, the kernel implementation ported over from the OpenBSD kernel, which needs FreeBSD 5.4 or later. The version used here is 6.1-STABLE.

Being a kernel implementation, it needs a kernel rebuild; at the moment there does not seem to be a standard loadable kernel module for it, so just rebuild. Add the following line to the kernel configuration and rebuild the kernel:

 device	carp

With freevrrpd the shared address was configured as an alias address on a physical network device (fxp0, rl0, de0 or whatever); CARP instead provides a dedicated carp? network device. Write the following in /etc/rc.conf, using 192.168.1.253 as the virtual address.

On the host that is to be master:

 cloned_interfaces="carp0"
 ifconfig_carp0="vhid 1 pass hogehoge 192.168.1.253/24"

On the host that is to be backup:

 cloned_interfaces="carp0"
 ifconfig_carp0="vhid 1 advskew 100 pass hogehoge 192.168.1.253/24"

vhid is the group ID that ties the virtual host to the real hosts, what freevrrpd calls serverid.

advskew delays this host's advertisements by advskew/256 of a second on top of the advertisement interval; in effect it is the priority that decides which real host takes over the virtual host (the host with the smaller skew wins). The default is 0, so only the backup host needs to set it.

pass is the password for CARP traffic; set the same one on every member of the group.

advbase is not set here. It is the advertisement interval, default 1 second; set it if you want a longer interval (max 255).

Besides /etc/rc.conf there are a few sysctl knobs. Set them in /etc/sysctl.conf if needed.

 net.inet.carp.allow=1		# accept carp packets; default 1
 net.inet.carp.preempt=1	# for failing over several vhids together (e.g. local and global at the same time); default 0
 net.inet.carp.arpbalance=0	# apparently allows load balancing via arp replies within the same link; how to use both is unclear, unverified; default 0
 net.inet.carp.log=1		# log errors and the like; default 1

Anyway, running ifconfig on the master side in this state gives:

 carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
         inet 192.168.1.253 netmask 0xffffff00
         carp: MASTER vhid 1 advbase 1 advskew 0

Something looks odd, though. On the backup side:

 carp0: flags=8<LOOPBACK> mtu 1500
         inet 192.168.1.253 netmask 0xffffff00
         carp: INIT vhid 1 advbase 1 advskew 100

That is the state. The master can actually communicate like this, but failover is impossible, so carp0 has to be brought up with ifconfig. There might be an option to bring it up from /etc/rc.conf in one go, but I have not looked for it. Anyway:

 # ifconfig carp0 up
 # ifconfig carp0
 carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
         inet 192.168.1.253 netmask 0xffffff00
         carp: BACKUP vhid 1 advbase 1 advskew 100

INIT has changed to BACKUP, done. To test failover you can physically pull the cable, or just as well bring the carp interface up and down with ifconfig:

 (master)# ifconfig carp0 down
 (master)# ifconfig carp0
 carp0: flags=8<LOOPBACK> mtu 1500
         inet 192.168.1.253 netmask 0xffffff00
         carp: INIT vhid 1 advbase 1 advskew 0

 (backup)# ifconfig carp0
 carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
         inet 192.168.1.253 netmask 0xffffff00
         carp: MASTER vhid 1 advbase 1 advskew 100

The MASTER role has been handed over. When the master-side carp0 is brought up again: with net.inet.carp.preempt at 0, MASTER was switched back immediately; with it at 1, no switchback occurred and the backup side stayed MASTER.
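A health check written for this post as an added example (not code from the post or from FreeBSD): it parses ifconfig carp0 output like the listings above and flags the two problem states met here, an interface that is not UP (stuck in INIT, so it can never fail over) and a role mismatch between what rc.conf intends and what CARP reports. The sample outputs are constructed from the states shown above.

```shell
#!/bin/sh
# Added example (not from the post or FreeBSD): parse "ifconfig carp0" output and
# flag an interface that is not UP (INIT, no failover possible) or a role mismatch.

# Sample outputs, constructed to mirror the listings in the post.
MASTER_OUT='carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.1.253 netmask 0xffffff00
        carp: MASTER vhid 1 advbase 1 advskew 0'
BACKUP_INIT_OUT='carp0: flags=8<LOOPBACK> mtu 1500
        inet 192.168.1.253 netmask 0xffffff00
        carp: INIT vhid 1 advbase 1 advskew 100'
BACKUP_TOOK_OVER_OUT='carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 192.168.1.253 netmask 0xffffff00
        carp: MASTER vhid 1 advbase 1 advskew 100'

# carp_state OUTPUT -> MASTER | BACKUP | INIT (first word after "carp:")
carp_state() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*carp: \([A-Z]*\) .*/\1/p'
}
# carp_field OUTPUT NAME -> numeric value following NAME on the "carp:" line
carp_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*carp: .*$2 \([0-9]*\).*/\1/p"
}
# carp_is_up OUTPUT -> 0 when the flags list on the first line contains UP
carp_is_up() {
    printf '%s\n' "$1" | head -n 1 | grep -qE 'flags=[0-9]+<([A-Z_]+,)*UP[,>]'
}
# carp_check OUTPUT ROLE -> prints a verdict; exit 0 = healthy, 1 = needs attention.
# ROLE is the role this host was given in rc.conf: master (advskew 0) or backup.
carp_check() {
    _out="$1"; _role="$2"
    _state=$(carp_state "$_out"); _skew=$(carp_field "$_out" advskew)
    if ! carp_is_up "$_out"; then
        echo "carp0 not UP (state $_state): failover impossible, run 'ifconfig carp0 up'"
        return 1
    fi
    case "$_role:$_state" in
        master:MASTER|backup:BACKUP) echo "ok: $_state vhid $(carp_field "$_out" vhid) advskew $_skew" ;;
        master:BACKUP) echo "demoted: another host holds MASTER for vhid $(carp_field "$_out" vhid)"; return 1 ;;
        backup:MASTER) echo "failover active: backup is MASTER (advskew $_skew)"; return 1 ;;
        *) echo "unexpected state '$_state' for role $_role"; return 1 ;;
    esac
}

# Demo run: each check prints its verdict; a nonzero status means act on it.
carp_check "$MASTER_OUT" master || :
carp_check "$BACKUP_INIT_OUT" backup || :
carp_check "$BACKUP_TOOK_OVER_OUT" backup || :
```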

Wondering whether the configuration is wrong, a look at syslog shows:

 kernel: arp_rtrequest: bad gateway 192.168.1.253 (!AF_LINK)

That message is logged. Searching around turns up posts that wave it off, but it looks like an attempt to send a gratuitous ARP is failing. CARP seems to be using the MAC address 00:00:5e:00:01:01, and the switching hub in this environment does not seem to be keeping up with it. Specifying carp0 in route does not help either, and it does not seem to work the way an alias assigned to the physical interface did. With a physical switching hub plus the virtual switch of Virtual Server 2005 in the path, isolating the cause got tedious, so that is it for today (to be continued).

Unlike freevrrpd, there is no easy way to specify a script to run at failover (well, that is probably the difference from a userland implementation), so more experimenting is needed before putting this into real use. The arp-balance feature of carp is interesting, though. Next time I may try UCARP.

Per-process memory limits

Limits such as a process's maximum data size can be adjusted from the shell. In csh, for example, use the shell's limit command:

limit datasize unlimited
limit stacksize unlimited

Putting these lines in .cshrc saves worrying about it.

On FreeBSD, however, this alone does not make them unlimited. After running the above, limit -h shows:

cputime         unlimited
filesize        unlimited
datasize        524288 kbytes
stacksize       65536 kbytes
coredumpsize    unlimited
memoryuse       unlimited
vmemoryuse      unlimited
descriptors     14745
memorylocked    unlimited
maxproc         5547
sbsize  unlimited

As you can see, concrete values are set rather than unlimited.

These values are set in the kernel; to let a process use more than this, the values have to be changed and the kernel rebuilt and rebooted.

options         MAXDSIZ="(1024*1024*1024)"
options         MAXSSIZ="(1024*1024*1024)"
options         DFLDSIZ="(1024*1024*1024)"

From 4.5R on, the following variables can apparently be set in /boot/loader.conf instead:

kern.maxdsiz
kern.dfldsiz
kern.maxssiz
From the 4.5R release notes:

The kernel configuration parameters MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, and SGROWSIZ are all loader tunables (kern.maxtsiz, kern.maxdfldsiz, etc.).

FreeBSD-SA-06:17

http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc

This is not specific to FreeBSD: every sendmail version other than 8.13.7, i.e. 8.13.6 and earlier, is affected. Queueing a certain kind of mail message can lead to a DoS, they say.

For FreeBSD, apply the patch. Upgrading to 8.13.7 is an option, and there seems to be a stopgap workaround as well; see the sendmail documentation. In short, enabling the ForkEachJob option is said to help, but note that doing so changes how sendmail starts jobs (each job becomes a separate process, with the cost that implies).

Fault-tolerant redundancy with freevrrpd

freevrrpd is a vrrpd for FreeBSD, NetBSD and OpenBSD. On FreeBSD it is at /usr/ports/net/freevrrpd.

vrrp is defined as a protocol for making routers redundant, but it is not limited to routers and can be used between ordinary hosts as well.

What it does is move an IP address held by one host over to another host, achieved by having several hosts share a virtual IP address. A group of hosts is identified in vrrp by a router ID; the host with the highest priority becomes master (and gets the IP address), the rest become backup, and when the master goes down the backup with the highest priority becomes master. In freevrrpd the virtual IP address is configured as an alias of the master host's IP address. As a mechanism it is very simple.

Like this (192.168.1.253 is the virtual IP address):

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::20d:bff:fe4e:8e42%rl0 prefixlen 64 scopeid 0x2
        inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.253 netmask 0xffffffff broadcast 192.168.1.253
        ether 00:0d:0b:4e:8e:42
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

In the FreeBSD ports version the configuration file is /usr/local/etc/freevrrpd.conf; freevrrpd.conf.sample in the same directory comes with detailed comments.

On the host that is to be master:

[VRID]
serverid = 1
interface = rl0
priority = 255
addr = 192.168.1.253/32
password = hogehoge
useVMAC = no
sendgratuitousarp = yes

On the host that is to be backup:

[VRID]
serverid = 1
interface = rl0
priority = 250
addr = 192.168.1.253/32
password = hogehoge
useVMAC = no
sendgratuitousarp = yes

The items to set are roughly these:

  • serverid is the vrrp router ID; use the same ID on the hosts to be tied together.
  • interface specifies the NIC that vrrp talks on.
  • priority is the precedence; 255 is the maximum, and the host set to it becomes master.
  • addr is the virtual IP address.
  • password is the password for vrrp traffic; set the same one within the group.
  • useVMAC specifies whether the MAC address is virtual as well.

With a virtual MAC address the same MAC is used before and after a switchover, so no arp changes are needed, though the L2 switch still has to pick up the change (normally nothing you need to think about). But because the host's MAC address is rewritten at switchover, a real IP address assigned to that host can (potentially) be affected.

Without a virtual MAC address, the MAC address corresponding to the virtual IP (the master host's own) changes at switchover, so the other hosts have to be told about the new MAC. That is what sendgratuitousarp does: at switchover it broadcasts an arp request containing its own MAC address, forcing everyone to learn the change.

Just starting freevrrpd is enough to switch the IP address over. Bringing services that use the IP address up and down (start/stop of a DB or httpd, say) is done by the scripts named in masterscript and backupscript:

masterscript = /usr/local/bin/master_script.sh
backupscript = /usr/local/bin/backup_script.sh

With proper thought given to synchronisation and shared-disk usage, this can be used in a fairly HA-cluster-like way (or so it seems).

Security advisories have been issued:

http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc
http://security.freebsd.org/advisories/FreeBSD-SA-06:15.ypserv.asc

None of them concerns me directly.

I thought RELENG_4_10 reached end of maintenance in May, but it seems to have been updated as of last month. Maybe that will be the last one.

HEAD has branched into RELENG_6

MYCOM PCWEB article:
http://pcweb.mycom.co.jp/news/2005/07/13/007.html

RELENG_5, which had a difficult birth, is apparently to be superseded by RELENG_6 already.
Apparently there is no change on the scale of earlier major updates; it is more that the time had come to bump the version number.

So where does RELENG_4_11 move on to?