LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS behaviour with no realservers available

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS behaviour with no realservers available
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Fri, 15 Sep 2006 05:11:42 -0700 (PDT)
On Thu, 14 Sep 2006, Nicholas Newberry wrote:

If my preliminary testing is correct, when the LVS director has no realservers in the table for a particular virtual service, requests for that service produce an icmp port unreachable.

lets the client do something sensible.

The point of all of this is that if the realservers aren't up, I want client requests to time out (i.e. be silently dropped by the director) rather than get "connection refused".

the user on the client box may not like this (for http, the web browser will just hang). Just a caution - you usually only drop packets for connections that you regard as malicious, and give normal users the reject so they can do something else.

However if you really want it, a possible way might be to have a director with localnode and an iptables rule for 127.0.0.1:your_service to drop the inbound packets.

Another way of handling it would be to have a localnode sorry server (displaying a page saying "our website is down - please come back")

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>