On 07.10.2013 19:46, Khosrow Ebrahimpour wrote:
> Hello list,
>
> Recently we modified the configuration of our lvs systems to do LVS-DR
> as well as LVS-NAT. The setup works well with LVS-NAT, which has been
> working tirelessly for a year. A new VIP was added to load-balance using LVS-NAT
> with a setup something like the below diagram:
>
> CIP --> VIP (192.168.17.44), gateway(192.168.2.1)--> RIP (192.168.2.51)
>
> We're now seeing the martian source problem whenever CIP originates from
> outside the 192.168.2.x subnet. I understand why we are getting the
> error, but hoping there's a solution to getting this setup working. Is
> anyone running a similar setup and has found a solution to the martian
> source problem?
>
> I have had a look at the information on the solution called "Julian's
> martian modification" in section 7.5.2
> (http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#martian_modification)
> but that requires a patch to the kernel and I'm hoping to avoid having
> to custom compile a kernel.
>
> Note: the reason we decided to go with LVS-DR is that using LVS-NAT
> would leave all clients in the same subnet as the RIP (192.168.2.x)
> unable to use this service since the RIP would respond back directly to
> the CIP and the connection would be broken.

For a while now there has been a setting,
/proc/sys/net/ipv4/conf/*/accept_local, that should solve this, at least
in theory:

    accept_local - BOOLEAN
        Accept packets with local source addresses. In combination
        with suitable routing, this can be used to direct packets
        between two local interfaces over the wire and have them
        accepted properly.

        rp_filter must be set to a non-zero value in order for
        accept_local to have an effect.

        default FALSE

When I tried this, however, I ended up with 100% CPU usage, as the packets
apparently ended up in a routing loop of some kind.

If anyone has an idea how to make this work, I would be interested in
hearing about it as well.

Regards,
Dennis
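
Added example, not part of either message above: a shell check built on the accept_local documentation quoted in the reply, reporting per interface whether accept_local is off, set but ineffective because rp_filter is 0, or effective. The function names and the CONF_ROOT variable are made up for this example; the `all` and per-interface values are combined the way the kernel does it (maximum for rp_filter, logical OR for accept_local).

```shell
#!/bin/sh
# Added example. CONF_ROOT is a hypothetical override so the check can be
# pointed at a copy of the sysctl tree instead of the live one.

# read_knob ROOT SCOPE NAME: print the knob's value, or 0 if it is unreadable.
read_knob() {
    f="$1/$2/$3"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# accept_local_state ROOT IFACE: print "off", "ineffective" or "effective".
accept_local_state() {
    root=$1
    ifc=$2
    al_all=$(read_knob "$root" all accept_local)
    al_if=$(read_knob "$root" "$ifc" accept_local)
    rp_all=$(read_knob "$root" all rp_filter)
    rp_if=$(read_knob "$root" "$ifc" rp_filter)

    # Source validation uses the larger of conf/all and conf/<iface> rp_filter.
    rp=$rp_all
    if [ "$rp_if" -gt "$rp" ]; then rp=$rp_if; fi

    if [ "$al_all" -eq 0 ] && [ "$al_if" -eq 0 ]; then
        echo off                 # accept_local not enabled anywhere
    elif [ "$rp" -eq 0 ]; then
        echo ineffective         # enabled, but rp_filter is 0 (see quoted doc)
    else
        echo effective
    fi
}

# report_all ROOT: one line per interface, skipping the all/default pseudo-entries.
report_all() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case $name in all|default) continue ;; esac
        printf '%-12s %s\n' "$name" "$(accept_local_state "$1" "$name")"
    done
}

report_all "${CONF_ROOT:-/proc/sys/net/ipv4/conf}"
```

rp_filter values of 1 (strict) and 2 (loose) both count as non-zero here; which of the two suits an LVS director depends on its routing and is not covered by the check.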
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users