Re: [lvs-users] Alias on lo blocks everything

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Alias on lo blocks everything
From: Sebastian Geib <sebastian.geib@xxxxxxxxxxxx>
Date: Wed, 12 Nov 2008 12:19:16 +0100

Hi Pieter,

Pieter Temmerman wrote:
> In every tutorial I have read on LVS, it stated that in order to receive
> traffic on the VIP, the real servers should have the VIP assigned to the
> lo:0 alias interface.
> 
> When I do this, that particular server is unreachable and is neither able
> to reach other servers in the network. When I remove the lo:0 alias,
> everything is back to normal again.
> 
> I solved this by instead creating the VIP on tunl0 instead of lo:0. But
> still, I would like to know the reason why it is failing.
> 
> Is this a problem with my distribution or am I overlooking something
> crucial?
> 
> I have CentOS 5.2 (2.6.18-1.17.el5).

Actually your distribution shouldn't play a role in that as it seems to
be a general problem with ARP requests from what I can guess. If you
haven't made any changes to your sysctl.conf then your lo:0 interface
acts like a real interface and when the network is asked for the MAC
address which belongs to your VIP and this request comes in on any of
your machine's real interfaces that machine answers too - which it
shouldn't - because it thinks it has the IP address and should tell
everyone about it.

You have two ways out of this:
1. Compile your kernel with dummy interface support with NOARP enabled.
This is an option I am using in some setups but I generally prefer the
second one as it is pretty much painless and easy to implement.
2. Edit your /etc/sysctl.conf and add the following lines:
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.eth1.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

Obviously eth0 and eth1 need to be your real network interfaces where
ARP requests should be answered for the IP addresses bound to those
interfaces. Afterwards everything should be fine.
Afterwards you do a "sysctl -p" and everything should be fine.

Sebastian

-- 
Sebastian Geib

Chabango IT Services
Zillestraße 74/76
10585 Berlin

Fon: +49 (0) 30 327 67 98-0
Fax: +49 (0) 30 327 67 98-5

E-Mail: sebastian.geib@xxxxxxxxxxxx
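
The following check is an added example, not part of the message above: it audits a sysctl.conf-style file for the arp_ignore = 1 and arp_announce = 2 settings listed in option 2. The function names, the temporary file and its contents are constructed for illustration; pass your own real interface names.

```shell
#!/bin/sh
# Added example (not from the original message): audit a sysctl.conf-style
# file for the ARP settings listed above. Interface names are caller-supplied.

# Print the effective value of KEY in FILE; the last assignment wins because
# "sysctl -p" applies lines in order. Prints nothing if KEY is not set.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_arp_sysctl FILE IFACE...
# Report each missing or wrong setting for "all" and every named interface.
# Returns 0 only when every key has the expected value.
check_arp_sysctl() {
    file=$1; shift
    bad=0
    for ifc in all "$@"; do
        for pair in arp_ignore=1 arp_announce=2; do
            key="net.ipv4.conf.$ifc.${pair%%=*}"
            want=${pair#*=}
            got=$(sysctl_conf_value "$file" "$key")
            if [ "$got" != "$want" ]; then
                echo "$key: expected $want, found ${got:-unset}"
                bad=$((bad + 1))
            fi
        done
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the eth1 lines are missing.
sample=$(mktemp)
printf 'net.ipv4.conf.%s = %s\n' all.arp_ignore 1 all.arp_announce 2 \
    eth0.arp_ignore 1 eth0.arp_announce 2 > "$sample"
check_arp_sysctl "$sample" eth0 eth1 || echo "add the lines above, then run: sysctl -p"
rm -f "$sample"
```

On a real server, point it at /etc/sysctl.conf, e.g. check_arp_sysctl /etc/sysctl.conf eth0 eth1.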

