[DRBD-user] Digest integrity check FAILED. Broken NICs? (DRBD 8.2.4)

Paul Court pc at matrixonline.co.uk
Wed Jan 23 11:07:40 CET 2008

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.

> On Tue, Jan 22, 2008 at 05:56:55PM +0000, Paul Court wrote:
>> Hello,

---8<--- Snip ---8<---

> you ask drbd to enable the "data-integrity feature",
> which prepends each data block with its digest (you configured sha1,
> which is overkill here, md5 or even crc32 would do fine) before
> sending them over the wire.
> the receiving side then calculates a digest of that data block
> using the same algorithm, and naturally, this re-calculated digest,
> and the digest transfered with the data block should match exactly.

I notice there are a few other places where I have used sha1. Are there 
any other recomendations for the other values? (cram-hmac-alg & verify-alg)?

Is it possible to disable encryption, I'm not sure someone snooping on 
my packets is something I need to worry about with a cross over cable?

---8<--- Snip ---8<---
> in any case, drbd recognizes that the data received on the Secondary
> is not the data originally handed to it on the Primary side,
> complains, disconnects, reconnects, resyncs, done.
> this is not a bug but a feature.
> and it just ensured your data integrity a number of times.

Thanks for taking the time to explain all this to me, Lars. It's very 
helpful and I am more confident that my drbd is working fine now that I 
understand the process a bit more.


More information about the drbd-user mailing list