Re: LVS-DR ssh service

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-DR ssh service
From: Con Tassios <ct@xxxxxxxxxxx>
Date: Mon, 24 Jan 2005 20:01:07 +1100 (EST)

2. Use the stock RHEL kernel, and use arptables to control the arp problem.
   There is an arptables package for RHEL AS and ES, and if you
   recompile the available source it works for WS.

   I have had some success in my lab with something along the lines of
   the following. And it has the advantage over 1) that you don't need
   to change the kernel.

    arptables -F
    arptables -A IN -d VIP -j DROP
    arptables -A OUT -d VIP -j mangle --mangle-ip-s RIP

    http://archive.linuxvirtualserver.org/html/lvs-users/2004-12/msg00015.html

Is this really needed? What about using these sysctl variables:

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

The stock Red Hat Enterprise Linux 3 kernel does not include arp_ignore and arp_announce.
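
The choice discussed in this thread, as an added example that is not part of any poster's message: a real-server script that checks whether the running kernel exposes arp_ignore and arp_announce, and otherwise falls back to the arptables rules. The function names, the `--show` switch and the 192.0.2.x addresses are assumptions for illustration; the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: pick the ARP-suppression method for an LVS-DR real server.
# Function names and sample addresses are hypothetical, not from the thread.

# Print "sysctl" if the kernel exposes arp_ignore and arp_announce for both
# lo and all, otherwise "arptables". $1 overrides the sysctl root (default
# /proc/sys) so the check can be exercised against a constructed directory.
arp_method() {
    root="${1:-/proc/sys}/net/ipv4/conf"
    for iface in lo all; do
        for knob in arp_ignore arp_announce; do
            [ -e "$root/$iface/$knob" ] || { echo arptables; return 0; }
        done
    done
    echo sysctl
}

# Print (do not run) the commands for the chosen method.
# $1 = method, $2 = VIP, $3 = RIP
arp_commands() {
    method="$1"; vip="$2"; rip="$3"
    case "$method" in
        sysctl)
            for iface in lo all; do
                echo "sysctl -w net.ipv4.conf.$iface.arp_ignore=1"
                echo "sysctl -w net.ipv4.conf.$iface.arp_announce=2"
            done ;;
        arptables)
            echo "arptables -F"
            echo "arptables -A IN -d $vip -j DROP"
            echo "arptables -A OUT -d $vip -j mangle --mangle-ip-s $rip"
            ;;
        *)
            echo "unknown method: $method" >&2
            return 1 ;;
    esac
}

# Constructed sample addresses from the documentation range.
if [ "${1:-}" = "--show" ]; then
    arp_commands "$(arp_method)" 192.0.2.10 192.0.2.21
fi
```

On a kernel without the two sysctls, as described for stock RHEL 3 above, `arp_method` reports `arptables`.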

