Re: [lvs-users] Direct routing not working on CentOS 6.5

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] Direct routing not working on CentOS 6.5
From: Dennis Jacobfeuerborn <dennisml@xxxxxxxxxxxx>
Date: Tue, 20 May 2014 12:21:16 +0200
On 19.05.2014 23:39, Alex Attarian wrote:

[SNIP]

>> load01 -> proxy01 -> interface eth2:0
>> =============================================================
>> Network config on proxy01:
>> eth2      Link encap:Ethernet  HWaddr 08:00:27:01:B4:79
>>           inet addr:10.0.200.52  Bcast:10.0.200.255  Mask:255.255.255.0
>>           inet6 addr: fe80::a00:27ff:fe01:b479/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:221795 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:213292 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:19749301 (18.8 MiB)  TX bytes:20172223 (19.2 MiB)
>>
>> eth2:0    Link encap:Ethernet  HWaddr 08:00:27:01:B4:79
>>           inet addr:10.0.200.60  Bcast:10.0.200.60  Mask:255.255.255.255
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

[SNIP]

What do you do to prevent ARP responses from proxy01 for the IP
10.0.200.60? The usual way this is done is by configuring this IP on
interface lo:0 and then putting something like this in your sysctl.conf file:

# LVS DR routing parameters
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth0.arp_announce=2
...

An alternative is to not configure the VIP on the realserver at all and
instead put this iptables rule there:

iptables -t nat -A PREROUTING -p tcp -d <VIP> -j REDIRECT

Regards,
  Dennis

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
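
The check implied by the reply above, as an added example that is not part of the original message or of the LVS project: a shell audit that reads saved copies of sysctl.conf and `ip -o -4 addr show` output and reports whether a realserver would still answer ARP for the VIP. The function names and the sample data (modelled on the addresses quoted in the thread) are constructed for illustration.

```shell
# Added example: offline audit of an LVS-DR realserver's ARP behaviour.
# Inputs are saved copies of sysctl.conf and of `ip -o -4 addr show` output.

# Print the last value assigned to a key in a sysctl.conf-style file (0 if unset).
sysctl_get() {  # $1=file $2=key
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == k { v = val }
        END { print (v == "" ? 0 : v) }' "$1"
}

# Print the interface that carries the VIP (empty if it is not configured).
vip_iface() {  # $1=addr dump $2=VIP
    awk -v vip="$2" '{ split($4, a, "/"); if (a[1] == vip) { print $2; exit } }' "$1"
}

# The kernel uses max(conf/all, conf/<iface>) for arp_ignore and arp_announce.
effective() {  # $1=file $2=iface $3=setting
    a=$(sysctl_get "$1" "net.ipv4.conf.all.$3")
    i=$(sysctl_get "$1" "net.ipv4.conf.$2.$3")
    [ "$a" -ge "$i" ] && echo "$a" || echo "$i"
}

# Return 0 when the realserver stays silent for ARP requests for the VIP.
audit_realserver() {  # $1=sysctl file $2=addr dump $3=VIP $4=LAN-facing interface
    holder=$(vip_iface "$2" "$3")
    [ -n "$holder" ] || { echo "OK: VIP $3 not configured locally"; return 0; }
    rc=0
    # arp_ignore=1 only suppresses replies for addresses held on *other* interfaces.
    [ "$holder" != "$4" ] || { echo "FAIL: VIP $3 is on $4 itself, move it to lo"; rc=1; }
    [ "$(effective "$1" "$4" arp_ignore)" -ge 1 ] || { echo "FAIL: arp_ignore < 1 on $4"; rc=1; }
    [ "$(effective "$1" "$4" arp_announce)" -ge 2 ] || { echo "FAIL: arp_announce < 2 on $4"; rc=1; }
    return $rc
}

# Constructed sample data: sysctl values are set, but the VIP sits on eth2:0.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# LVS DR routing parameters' 'net.ipv4.conf.all.arp_ignore=1' \
        'net.ipv4.conf.all.arp_announce=2' > "$d/sysctl.conf"
    printf '%s\n' '1: lo    inet 127.0.0.1/8 scope host lo' \
        '3: eth2    inet 10.0.200.52/24 brd 10.0.200.255 scope global eth2' \
        '3: eth2    inet 10.0.200.60/32 brd 10.0.200.60 scope global eth2:0' > "$d/addr.txt"
    audit_realserver "$d/sysctl.conf" "$d/addr.txt" 10.0.200.60 eth2
    rc=$?; rm -rf "$d"; return $rc
}

demo || echo "realserver would answer ARP for the VIP"
```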
