|
Hello,
On Wed, 8 Aug 2001, Hayden Myers wrote:
> We've received complains of ICMP requests being sent out from some
> of the virtual farms on our lvs servers. Could somebody please explain how
> lvs could be doing this? We received a complaint from a user who received
> a lot of ICMP requests from two different load balancers of ours. Any
> explanation would be appreciated.
No, LVS does not send ICMP requests!!! It sends only replies.
You can expect such ICMP replies originated from LVS:
- ICMP_FRAG_NEEDED: standard reply after MTU checks
- ICMP_PORT_UNREACH: when there is no real services defined or when
the real service does not work (the last depends on the used method
for deliveryng TCP/UDP requests locally)
Additionally, LVS can forward any kind of ICMP replies and
requests in NAT mode, coming from the real servers or from NAT-ed
hosts. Just start tcpdump -n proto ICMP on your LVS director.
To avoid the paranoia ask your user:
- how much packets he receives: the rate, the time periods between
the messages, when this happens: when he browses your site or when not.
- what kind of ICMP messages are received: requests, replies, ICMP type
and code
- the IP addresses involved in the ICMP information
> Hayden Myers
Regards
--
Julian Anastasov <ja@xxxxxx>
|
