[Linux-HA] invalid auth token after defining multiple ping_groups
Carson Gaspar
carson at taltos.org
Wed Aug 3 22:41:38 MDT 2005
--On Wednesday, August 03, 2005 5:11 PM -0500 Guochun Shi
<gshi at ncsa.uiuc.edu> wrote:
> The echo servers 66.249.87.99 and 66.249.87.104 does not ehco the whole
> packet if the packet size is > 64bytes. The packets heartbeat sent out
> are > 80 bytes and only part of the packets are echoed back and
> authentication string is not there. That's why the authentication failed.
> So, it is the echo servers' problem :)
I assume you mean ICMP ECHO above. I thought you might be incorrect about
the server being broken, but digging in RFC-792 I found:
"Data received in an ICMP Echo Request MUST be entirely included in the
resulting Echo Reply. However, if sending the Echo Reply requires
intentional fragmentation that is not implemented, the datagram MUST be
truncated to maximum transmission size (see Section 3.3.3) and sent."
So barring an _extremely_ small MTU, the devices are, indeed, broken
according to the RFC. I remember some discussion about ICMP payload size
limits from my InfoSec work, so it's possible some device is "helping" in
the name of security...
Christian, can you tell us the hardware/OS of these devices? It would be
nice to know what devices _not_ to use in a ping group...
--
Carson
More information about the Linux-HA
mailing list