Channel: MikroTik

General • Re: vrrp in firewall filter rules


Is this the expected behavior? I'm not targeting the vrrp address. I'm browsing general Internet.

So, it works, but it doesn't match what I'm reading (although I can't find too much).

Why is it matching the vrrp interface instead of the actual vlan interface?

Yes, it is an expected behavior from a MIKROTIK point of view.

From a Linux perspective, VRRP is a sub-interface with its own MAC address (VMAC).
Packets that need to be forwarded would be delivered to the VMAC - and VIP.

Example with iproute2:

Code:
modprobe macvlan
[ $? -eq 0 ] && ip link add link eth0 name vrrp4.1 type macvlan mode bridge
[ $? -eq 0 ] && ip a add 10.0.0.1/32 dev vrrp4.1
[ $? -eq 0 ] && ip link set dev vrrp4.1 up
[ $? -eq 0 ] && tcpdump -i vrrp4.1 -vn


As per MIKROTIK configuration, if you want to manage a VIP from the VLAN interface, you should attach it manually, which is obviously not VRRP.

Some open source VRRP implementations, like keepalived, offer the possibility to avoid VMAC and just install VIP into the base interface - but also in this case this would not respect the standard.



Hope that helps

Statistics: Posted by nstp — Fri Feb 02, 2024 7:19 am
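
The behaviour described in the reply above, as an added Python sketch that is not part of the original post and is not MikroTik or kernel code: a frame addressed to the VMAC is delivered to the VRRP sub-interface, so a firewall rule matching the VLAN as in-interface never sees it, whatever the destination IP is. The interface names, VRID 10, the vlan10 MAC, hosts using the VIP as their gateway, and the default-drop rule model are assumptions made for illustration.

```python
# Added illustration: a simplified model (unicast only), not RouterOS or kernel code.
from dataclasses import dataclass
from typing import Optional

def vrrp_vmac(vrid: int) -> str:
    """IPv4 VRRP virtual MAC, 00:00:5e:00:01:<VRID> (RFC 5798)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return f"00:00:5e:00:01:{vrid:02x}"

@dataclass
class Iface:
    name: str
    mac: str
    parent: Optional[str] = None  # set for a sub-interface stacked on another one

# Constructed sample topology: names, VRID and the vlan10 MAC are assumptions.
IFACES = [
    Iface("vlan10", "02:00:00:00:00:10"),
    Iface("vrrp10", vrrp_vmac(10), parent="vlan10"),
]

def ingress_iface(ifaces, wire_iface, dst_mac):
    """Name the interface a unicast frame is delivered to, or None if not ours."""
    dst = dst_mac.lower()
    # A sub-interface that owns the destination MAC takes the frame first.
    for i in ifaces:
        if i.parent == wire_iface and i.mac == dst:
            return i.name
    base = next(i for i in ifaces if i.name == wire_iface)
    return base.name if base.mac == dst else None

def first_match(rules, in_iface):
    """rules: ordered (in_interface, action) pairs; model default is 'drop'."""
    for match_iface, action in rules:
        if match_iface == in_iface:
            return action
    return "drop"

def forward_verdict(rules, dst_mac, wire_iface="vlan10"):
    """Verdict for a frame a LAN host sends to its gateway MAC on wire_iface."""
    return first_match(rules, ingress_iface(IFACES, wire_iface, dst_mac))

if __name__ == "__main__":
    gw_mac = vrrp_vmac(10)  # hosts resolve the VIP gateway to the VMAC via ARP
    print(ingress_iface(IFACES, "vlan10", gw_mac))
    print(forward_verdict([("vlan10", "accept")], gw_mac))
    print(forward_verdict([("vrrp10", "accept")], gw_mac))
```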


