|
so yah, i've always seen the following settings applied to
/etc/sysctl.conf on linux hosts that are behind DR/DSR vips:
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
[jdahl@proxy-3-edge ~]$
however after reading yoru email again, I'm not thinking this is the issue.
I assume you are allowing a permit in iptables to the VIP IP on the real
servers?
>
> Hello,
>
> I just configured an environment of two LVS servers with three real
> servers, and it works fine ... in the same network. When we try to
> access the web server through the virtual IP from another network,
> suddenly it doesn't work, this noted in the fact that we can't access
> the VIP, but it still works in the same network. But, if I shutdown one
> of the servers, it works perfectly.
>
> My configuration is Direct Routing. My doubt is in the ARP
> configuration. I read on section 6.8 at
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html
> that the following commands must be executed to properly configure
> arptables on every real server:
>
> # arptables -A IN -d $VIP -j DROP
> # arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
>
>
> But looking at RedHat documentation (I'm working with RHEL servers)
> mentions on section 3.2.1 at
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Virtual_Server_Administration/s1-lvs-direct-VSA.html#s2-lvs-direct-arptables-VSA
> that the configuration to use is:
>
> arptables -A IN -d <virtual_ip> -j DROP
> arptables -A OUT -d <virtual_ip> -j mangle --mangle-ip-s <real_ip>
>
>
> So ... Austintek uses the VIP as a source on the OUT chain, but RedHat
> uses it as a destiny. Can anyone tell me what is the right
> configuration? And could it be the cause of my problem, not being able
> to access my balancers with three real servers from outside the network?
> Funny thing is, both configurations seem to work the same way, which one
> is correct?
>
> Thanks in advance.
>
> Israel.
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
--
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
