LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Non-arp issue

To: "Julian Anastasov" <ja@xxxxxx>
Subject: Re: Non-arp issue
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: "Victor" <victord@xxxxxxxx>
Date: Mon, 28 Jan 2002 12:16:39 -0500
> > I read this, but I don't seem to understand why there would be an ARP
> > responce if VIP is on lo0:2 but no arp response if it is on a
disconnected
> > eth1:2.
>
> This is not true, read here:
>
> http://www.linuxvirtualserver.org/~julian/#hidden
> and in hidden.txt

From LVS HowTo (section 3.2 on the bottom)
---
Put an extra NIC on the realserver to carry the VIP (on eth1)

Possible cards would be a discarded ISA card (WD80x3), or a cheap 100Mbit
PCI card (eg Netgear FA310TX, $16 in USA in Nov 99) There is no traffic
going through this NIC and it doesn't matter that it's an old slow card. The
extra card is only required so that the realserver can have the VIP on the
machine. With 2.2.x kernels you can't stop this device (eth1) from replying
to arp requests, but if you don't connect the cable to it or don't put a
route to it in the realserver's routing table, then the client won't be able
to send it an arp request.
---

Would that not work then without a hidden patch? I thought this solution was
an alternative to the hidden patch?

> > Both are noarp devices, both don't connect to a wire, and both are used
with
> > I/O coming in/out on eth0.
> >
> > Just curious, would there be a way to use Netfilter to simply stop all
arp
> > responces for a given IP by filtering them out?
>
> This should be the best way to filter ARPs, I'm thinking
> on implementing something on this issue but difficulties in the
> user space stop me.

Just as a hack, I think that the arp packet is a special packet, isn't it?
Would one be able to stop it by size match (I think netfilter has a by size
match) and by the IP. As I understand, it's a 28 byte arp responce. I know
this is hacky and just curious if this would work or would cause packet
loss.




<Prev in Thread] Current Thread [Next in Thread>