Re: [lvs-users] Alias on lo blocks everything

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Alias on lo blocks everything
From: Pieter Temmerman <ptemmerman.ext@xxxxxxxxx>
Date: Wed, 12 Nov 2008 13:17:02 +0100
Hallo Sebastian.

First of all, thank you very much for your time and consideration.
I forgot to mention in my previous post that I actually have those
sysctl parameters specified. I also executed sysctl -p to activate them.
So, I guess that is not the problem.

A question regarding the sysctl parameters; 
Isn't it ok to only specify 'all' as I suppose it include ALL

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

Not that I did this, but it's just bothering me :)
Also, the property name isn't the most appropriate if you ask me.
If you say conf.eth0.arp_ignore = 1, then I understand out of it that
arp requests should be ignored on eth0. Which isn't really the case,
they should only be ignored on the alias.
Or am I totally wrong here.


On Wed, 2008-11-12 at 12:19 +0100, Sebastian Geib wrote:
> Hi Pieter,
> Pieter Temmerman schrieb:
> > In every tutorial I have read on VLS, it stated that in order to receive
> > traffic on the VIP, the real servers should have the VIP assigned to the
> > lo:0 alias interface.
> > 
> > When I do this, that particular server is unreachable and is either able
> > to reach other servers in the network. When I remove the lo:0 alias,
> > everything is back to normal again.
> > 
> > I solved this by instead creating the VIP on tunl0 instead of lo:0. But
> > still, I would like the know the reason why it is failing.
> > 
> > Is this a problem with my distribution or am I overlooking something
> > crucial?
> > 
> > I have Centos 5.2 (2.6.18-1.17.el5).
> actually your distribution shouldn't play a role in that as it seems to
> be a general problem with ARP requests from what I can guess. If you
> haven't made any changes to your sysctl.conf then your lo:0 interface
> acts like a real interface and when the network is asked for the MAC
> address which belongs to your VIP and this request comes in on any of
> your machines real interfaces that machine answers too - which it
> shouldn't - because it thinks it has the IP address and should tell
> everyone about it.
> You have two ways out of this:
> 1. Compile your kernel with dummy interface support with NOARP enabled.
> This is an option I am using in some setups but I generally prefer the
> second one as it is pretty much painless and easy to implement.
> 2. Edit your /etc/sysctl.conf and add the following lines:
> net.ipv4.conf.eth0.arp_ignore = 1
> net.ipv4.conf.eth0.arp_announce = 2
> net.ipv4.conf.eth1.arp_ignore = 1
> net.ipv4.conf.eth1.arp_announce = 2
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> Obviously eth0 and eth1 need to be your real network interfaces where
> ARP requests should be answered for the IP addresses bound to those
> interfaces. Afterwards everything should be fine.
> Afterwards you do a "sysctl -p" and everything should be fine.
> Sebastian

<Prev in Thread] Current Thread [Next in Thread>