LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Using iproute2 or iptables for the arp problem

To: LVS-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Using iproute2 or iptables for the arp problem
From: Leonard Soetedjo <Leonard@xxxxxxxxxx>
Date: Mon, 28 Oct 2002 09:46:28 +0800
Hi list,

I've read from a RedHat mailing list 
(https://listman.redhat.com/pipermail/piranha-list/2002-April/000910.html) on 
solving arp problem as such:

-----------------------------------------------------------------------------------------------------------
However the whole arp problem can be sidestepped (at least in linux) by 
*not* assigning the VIP to any interface in the real servers.  Instead 
use a transparent proxy (sounds complicated, but it's not).  You just 
add an iptables rule on each real server.

    % iptables -t nat -A PREROUTING -d $VIRTUAL_IP -j REDIRECT

If a real server is handling more than one VIP, you will need one such 
rule for each.

Of course, there are many ways to handle or avoid the arp problem, but 
this one is simple and requires no patches or recompiles.
-----------------------------------------------------------------------------------------------------------

If this is possible, is there any disadvantage to this?  It sure would 
simplify the setup without having to patch the kernel again.  I'm using 
kernel 2.4.18.

Another thing that I was thinking is, would doing a:

ip link set <device> arp off

would help?

Thank you.


<Prev in Thread] Current Thread [Next in Thread>