|
On Thu, 20 Jan 2000, Jivko Velev wrote:
> Hi guys,
>
> When i read the doc i didnt find the answer about how ICMP packet are
> redirected from VIP to Real Severs.
What you have described is part of a larger problem with the design of
LVS. Anything that is initiated on a realserver and which requires a
response from the client will most likely fail as the wrong realserver
will (usually) get the response.
Already people have fallen over this problem with identd, indexing
programs and MTU discovery (see the HOWTO, sect 14.10). I've added your
comments there into the next version of the HOWTO.
> In these cases your VIP will receive
> ICMP packets /dest unreachable, source quench and friends/ if you dont route
is source quench used in Linux? Richard Stevens (TCP protocols, ca 1992)
says it is deprecated since the TCPIP stack times out at about the same
time as the source quench packets arrive.
> When you receive a ICMP packet it contains the full IP header of the packet
> that cause this ICMP to be generated + 64bytes of its data, so you can
> assume that you have the TCP/UDP header too. So it is possible to implements
> "Persitance rules" for ICMP packages.
In VS-DR the director never sees the replies from the realservers and will
have no way of knowing which realserver is responsible for these ICMP
replies. Not seeing the replies is a Good Thing in that it keeps the
throughput of the LVS high. However it does make monitoring the health of
the LVS difficult. The problem of PORT_UNREACH is discussed in sect 14.16
of the HOWTO in this context.
Joe
--
Joseph Mack mack@xxxxxxxxxxx
|
