LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: ARP reply control

from [David Osborne] [Permanent Link]
To: Julian Anastasov <ja@xxxxxx>
Subject: Re: ARP reply control
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: David Osborne <David.Osborne@xxxxxxxxxxxxxxxx>
Date: Thu, 19 Jul 2001 17:35:59 +0100 
On Mon, Jul 16 2001 at 19:36:13 +0300, Julian Anastasov wrote
>       Did you tried http://www.linux-vs.org/~julian/route-noarp.txt ?
> There is a section "Notes for the LVS users".

Yes, but it didn't help me.

On Mon, Jul 16 2001 at 20:04:17 +0300, Julian Anastasov wrote
>       About the used device: check whether you can switch to using
> rp_filter for your devices (all):
> 
> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> 
>       If not, try the same with "arp_filter".

I tried both, but didn't help.

>       In Linux 2.2+ all devices respond to remote ARP probes no
> matter the requested address is local or remote. In Linux, by placing
> one IP on specific device you can achieve only:
[...]
>       I don't remember for other reasons one to place an IP address
> to specific device. So, placing VIP on "unused" eth card (eth1) does
> not solve the problem for the announced MAC. All devices reply to all
> broadcast ARP probes until some policy is applied:

The system acting as LVS director has 3 interfaces; I was attempting
to use one for heartbeat with the backup using a crossover cable and
to use the other two to share traffic -- this was probably my mistake.

I've since given up using all three interfaces and am currently trying
one connected to the network and one as private (10.0.0.x) with the
crossover to the second system, with the third unconfigured. That
seems to work: the Windows clients no longer seem to be confused by
ARP replies variously giving one or other of the MAC addresses of the
two publically-connected interfaces.

My only problem left is that although I can ping one director from the
other over the crossover cable, and make a telnet connection, I can't
use it for heartbeat. If I start heartbeat on the backup director
using that interface for the udp heartbeat, it doesn't see a reply and
starts attempting address takeover.

-- 
David Osborne                         david.osborne@xxxxxxxxxxxxxxxx
Academic Computing Services     phone/voicemail: +44 (0)115 951 3397
The University of Nottingham                fax: +44 (0)115 951 3358
Nottingham NG7 2RD, UK          http://www.nottingham.ac.uk/~cczdao/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Syncing servers, jik
Next by Date:  Re: ARP reply control, Julian Anastasov
Previous by Thread:  Re: ARP reply control, Julian Anastasov
Next by Thread:  Re: ARP reply control, Julian Anastasov
Indexes:  [Date] [Thread] [Top] [All Lists]