Re: FreeBSD 5 and LVS

From: Ken McKittrick <klmac@xxxxxxxxxxxxxx>
Date: Mon, 17 Feb 2003 12:05:05 -0500

On Monday, February 17, 2003, at 11:22 AM, Roberto Nibali wrote:


It wasn't working before I turned on ip forwarding. I am absolutely positive on this point. My FreeBSD 4 machine doin't hav e ip forwarding turned on and they're doing 500K emails/day, so I'm pretty sure it's working fine.

Ok, then something else has changed too, I'll go back and check my cvs emails.

I'm also doing LVS/DR which doesn't seem to be the most popular way of using LVS. The VIP's go in the loopback interface. I am told on the freebsd-current mailing list that they fixed a long standing bug where an ip packet coming in on an interface would get passed to all the other interfaces.

Which IMHO would be the correct thing to do, because the RFC doesn't specify this 'weak host handling'. But it looks like Linux is going to be the only OS that has this feature. Could you please point me to the discussion? I'm more of an OpenBSD/Linux guy so I don't follow the CURRENT FreeBSD development as closely as the other ones. Or is this [1] the discussion you mean? If so I do not agree with those guys but this doesn't really matter. It seems that also by setting sysctl -w net.inet.ip.check_interface=0 you can workaround the problem. It looks to me like a "rp_filter & blackhole" kind of thing.

Haven't tried the sysctl -w net.inet.ip.check_interface=0 thing, but I can a bit later today. I thought this might also work, but didn't get that far.

True they, are 2 different ways to get to the same end point. I'm running postfix, but it shouldn't matter anyway.

[1] www/db/text/2003/freebsd-current/20030216.freebsd-current

That is the thread I was talking about.

I apologise to you for my wrong assumptions. Best regards,

No problem. I think maybe I should do a write-up on my system, Don't see too many people using LVS/DR with FreeBSD machines. Which is too bad, because I think that being OS-Centric leaves you blind to the best possible solution to any one problem.

