so that begs a good question. why does keepalived/ipvs not take into accoun the
loopback during healthchecking?
this was pounded out on my iPhone and i have fat fingers plus two left thumbs
:)
> On Aug 19, 2015, at 06:51, Alex Lopez <alxmlpz@xxxxxxxxx> wrote:
>
> if u are using direct return , how about the loopback addition to the real
> servers ?
>
>
>
>> On Tue, Aug 18, 2015 at 10:44 PM, Jamie Dahl <jamied@xxxxxxxxxxxx> wrote:
>>
>> so yah, i've always seen the following settings applied to
>> /etc/sysctl.conf on linux hosts that are behind DR/DSR vips:
>> net.ipv4.conf.lo.arp_ignore=1
>> net.ipv4.conf.lo.arp_announce=2
>> net.ipv4.conf.all.arp_ignore=1
>> net.ipv4.conf.all.arp_announce=2
>> [jdahl@proxy-3-edge ~]$
>>
>> however after reading yoru email again, I'm not thinking this is the issue.
>>
>> I assume you are allowing a permit in iptables to the VIP IP on the real
>> servers?
>>
>>
>>
>> >
>> > Hello,
>> >
>> > I just configured an environment of two LVS servers with three real
>> > servers, and it works fine ... in the same network. When we try to
>> > access the web server through the virtual IP from another network,
>> > suddenly it doesn't work, this noted in the fact that we can't access
>> > the VIP, but it still works in the same network. But, if I shutdown one
>> > of the servers, it works perfectly.
>> >
>> > My configuration is Direct Routing. My doubt is in the ARP
>> > configuration. I read on section 6.8 at
>> > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html
>> > that the following commands must be executed to properly configure
>> > arptables on every real server:
>> >
>> > # arptables -A IN -d $VIP -j DROP
>> > # arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
>> >
>> >
>> > But looking at RedHat documentation (I'm working with RHEL servers)
>> > mentions on section 3.2.1 at
>> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Virtual_Server_Administration/s1-lvs-direct-VSA.html#s2-lvs-direct-arptables-VSA
>> > that the configuration to use is:
>> >
>> > arptables -A IN -d <virtual_ip> -j DROP
>> > arptables -A OUT -d <virtual_ip> -j mangle --mangle-ip-s <real_ip>
>> >
>> >
>> > So ... Austintek uses the VIP as a source on the OUT chain, but RedHat
>> > uses it as a destiny. Can anyone tell me what is the right
>> > configuration? And could it be the cause of my problem, not being able
>> > to access my balancers with three real servers from outside the network?
>> > Funny thing is, both configurations seem to work the same way, which one
>> > is correct?
>> >
>> > Thanks in advance.
>> >
>> > Israel.
>> >
>> >
>> > _______________________________________________
>> > Please read the documentation before posting - it's available at:
>> > http://www.linuxvirtualserver.org/
>> >
>> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>> >
>>
>>
>> --
>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|