LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] netmask for vip?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] netmask for vip?
From: Aaron West <aaron@xxxxxxxxxxxxxxxx>
Date: Wed, 21 Jun 2017 16:26:52 +0100
Linbo,

Yes, it's different as you do want the director to respond to ARP requests
and that's the only reason it's suggested to use /32 and a loopback adapter
on the real server.

So to clarify the VIP on the director should use it's actual subnet and
should be on a real interface as any normal IP would.


Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@xxxxxxxxxxxxxxxx

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
 | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 16:22, linbo liao <llbgurs@xxxxxxxxx> wrote:

> Yes Aaron, for loopback it must be /32.
>
> But the two link told vip in director is also /32, which confused me, I
> guess vip in director can't configure in loopback interface, right?
>
> Thanks,
> Linbo
>
> 2017-06-21 23:13 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
>
> > Linbo,
> >
> > This goes back to what I originally said.
> >
> > I assume you mean on the loopback adapter? If so then use a
> 255.255.255.255
> > > or /32 for safety, not all OS's may need it as there can be many ways
> to
> > > make it not respond to ARP, however, this also helps as you are telling
> > the
> > > OS it's a single address.
> >
> >
> > So use a /32 for safety unless you can't for some reason as this helps to
> > guarantee the real server will not respond to ARP requests for that VIP.
> > There are indeed many many ways depending on OS to solve the ARP issue...
> > Out of interest what OS are your real servers?
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@xxxxxxxxxxxxxxxx
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 16:07, linbo liao <llbgurs@xxxxxxxxx> wrote:
> >
> > > I have no idea.
> > >
> > > Refer to
> > > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> > > ipvsadm.html#netmask_for_VIP
> > >
> > >
> > >    - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must
> > be
> > >    /32.
> > >
> > > and Julian reply the post
> > > http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.
> > html
> > >
> > > 2. add VIP/32 on lo (for real server) or on eth0 (for director)
> > >
> > > Thanks,
> > >
> > > Linbo
> > >
> > >
> > > 2017-06-21 22:31 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
> > >
> > > > Linbo,
> > > >
> > > > Sorry, if you mean directly on the interface of the director so when
> > you
> > > > check the output of "ip a" then I'd use the netmask of the network, I
> > > > thought you meant the netmask setting for LVS itself.
> > > >
> > > >
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron@xxxxxxxxxxxxxxxx
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 21 June 2017 at 15:20, linbo liao <llbgurs@xxxxxxxxx> wrote:
> > > >
> > > > > I am not sure.
> > > > >
> > > > > If I configure vip netmask, and use  `ip a`  it will print vip with
> > > > netmask
> > > > > information.  But  `-M netmask` is show in `ipvsadm -Ln`.
> > > > >
> > > > > I think there are different thing.
> > > > >
> > > > > Thanks,
> > > > > Linbo
> > > > >
> > > > >
> > > > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
> > > > >
> > > > > > Linbo,
> > > > > >
> > > > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > > > Ldirectord it's just what I'm used to using.
> > > > > >
> > > > > > Did a quick google to verify my thoughts and this page backs me
> up
> > as
> > > > > well
> > > > > > as being a nice read in itself:
> > > > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > > > >
> > > > > > Aaron West
> > > > > >
> > > > > > Loadbalancer.org
> > > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017
> >
> > > > > >
> > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> company-name
> > >
> > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > overview&?gclid=ES2017>
> > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > aaron@xxxxxxxxxxxxxxxx
> > > > > >
> > > > > > LEAVE A REVIEW
> > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > > DEPLOYMENT
> > > > > > GUIDES
> > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > deployment-guides&?gclid=ES2017>
> > > > > >  | BLOG <https://www.loadbalancer.org/
> ?category=blog&?gclid=ES2017
> > >
> > > > > >
> > > > > > On 21 June 2017 at 14:37, linbo liao <llbgurs@xxxxxxxxx> wrote:
> > > > > >
> > > > > > > Sorry I miss the detailed information.
> > > > > > >
> > > > > > > I mean the netmask of VIP in LVS director. LVS use keepalived
> to
> > do
> > > > HA.
> > > > > > > Will vip netmask in LVS director affect the persistence ?
> > > > > > >
> > > > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx
> >:
> > > > > > >
> > > > > > > > Hi Linbo,
> > > > > > > >
> > > > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > > > 255.255.255.255
> > > > > > > > or /32 for safety, not all OS's may need it as there can be
> > many
> > > > ways
> > > > > > to
> > > > > > > > make it not respond to ARP, however, this also helps as you
> are
> > > > > telling
> > > > > > > the
> > > > > > > > OS it's a single address.
> > > > > > > >
> > > > > > > > Or do you mean the "netmask" in the ldirectord config which
> > > affects
> > > > > > > > persistence? When this is at the default of 255.255.255.255
> > > > > persistence
> > > > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> > > would
> > > > > get
> > > > > > > > stuck to different servers. If you set 255.255.255.0 then
> they
> > > > would
> > > > > > both
> > > > > > > > hit the same server as persistence would work by subnet so
> the
> > > > whole
> > > > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > > > >
> > > > > > > > Hope that's relevant to your question and makes sense...
> > > > > > > >
> > > > > > > >
> > > > > > > > Aaron West
> > > > > > > >
> > > > > > > > Loadbalancer.org
> > > > > > > > www.loadbalancer.org <https://www.loadbalancer.org/
> > ?gclid=ES2017
> > > >
> > > > > > > >
> > > > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> > > company-name
> > > > >
> > > > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > > > overview&?gclid=ES2017>
> > > > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > > > aaron@xxxxxxxxxxxxxxxx
> > > > > > > >
> > > > > > > > LEAVE A REVIEW
> > > > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-
> review>
> > |
> > > > > > > > DEPLOYMENT
> > > > > > > > GUIDES
> > > > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > > > deployment-guides&?gclid=ES2017>
> > > > > > > >  | BLOG <https://www.loadbalancer.org/
> > > ?category=blog&?gclid=ES2017
> > > > >
> > > > > > > >
> > > > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@xxxxxxxxx>
> > wrote:
> > > > > > > >
> > > > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> > > netmask
> > > > > > > support
> > > > > > > > in
> > > > > > > > > configuration, the default netmask is 255.255.255.255. I
> test
> > > > > default
> > > > > > > > > netmask, looks everything works fine.
> > > > > > > > >
> > > > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > > > 255.255.255.0?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Linbo
> > > > > > > > > _______________________________________________
> > > > > > > > > Please read the documentation before posting - it's
> available
> > > at:
> > > > > > > > > http://www.linuxvirtualserver.org/
> > > > > > > > >
> > > > > > > > > LinuxVirtualServer.org mailing list -
> > > > lvs-users@LinuxVirtualServer.
> > > > > > org
> > > > > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > > > > or go to http://lists.graemef.net/
> mailman/listinfo/lvs-users
> > > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Please read the documentation before posting - it's available
> > at:
> > > > > > > > http://www.linuxvirtualserver.org/
> > > > > > > >
> > > > > > > > LinuxVirtualServer.org mailing list -
> > > lvs-users@LinuxVirtualServer.
> > > > > org
> > > > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users@LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>