LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: hard wired solution to arp problem

To: Joseph Mack <mack@xxxxxxxxxxx>
Subject: Re: hard wired solution to arp problem
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Nov 1999 08:45:00 +0200 (EET)
        Hi Joe,

On Wed, 24 Nov 1999, Joseph Mack wrote:

> I was not thinking clearly. I was thinking that the machines on the LAN
> would be talking to the LVS via a router. THis is not what Julian was
> talking about.

        Is this mean:

+------+
|ROUTER|
+------+
    |
+-------+
|  LVS  | --------+----------------------------- LAN
+-------+         |
                +----+
                |WEB1| ...
                +----+

        May be I don't understand fully. This is same
as the MASQ case: default gw for real server is the MASQ
box. In this configuration there is no ARP problem.
Only the ROUTER and LVS are on the same LAN (if the media
allows broadcasts). All other hosts must be on same LAN:
LVS and all webs. If there is another host on the LAN which
can ARP query about VIP then we have the same problem.
ARP replies don't hurt only these hosts which have VIP
configured. In fact, LVS and the webs never send ARP
queries for the VIP. Even LVS doesn't send ARP query
"who-has ROUTER tell VIP" - only the webs can ask
"who-has LVS tell VIP" as they use the LVS as default
gateway. But I'm not sure if the LVS will reply
to this query as its src IP=VIP. It have to be tested.

        But this configuration is same as the MASQ,
i.e. outgoing traffic is redirected through LVS (MASQ).
The advantage of the DROUTE mode is that all web servers
can use any router for the outgoing traffic. For example,

+-------+
|ROUTER1|
+-------+
    |
    |LAN1
    |
    |
+-------+       +----+
|  LVS  |       |WEB1| ...
+-------+       +----+
    |             |     LAN 2               +-------+
    +-------------+---------------------->>>|ROUTER2|
                                            +-------+

But may be this is not so different, we always have to change
their default gateway if we suspect that this router is
not working. I'm not sure if this configuration is working
but it allows ROUTER1 and LVS to be on same LAN1 and
all webs and ROUTER2 to be on LAN2.

        This is a good example of configuration which is
not working. The problem is if the real servers ask
"who-has ROUTER2 tell VIP". So, we are at the same place:
to define permanent entries for the ROUTER2 in all
web servers. It is so complex to be working :)
In this configuration it is again not possible WEB1
for example to switch to LVS mode when LVS box is down.
Who knows, may be this configuration is useful for
someone?

        So, the user have to know the answers of these
questions:

- if it is not possible to define static arp entries
in the incoming router and if the LVS box and the real
servers are on same LAN, it is preferred the real
servers not to talk ARP about VIP. In Linux this
can be achived applying one of the two patches:
http://www.linuxvirtualserver.org/arp.html

- how many LVS boxes must be supported (only one active
at the same time)

- if the real servers ARP reply and how they ARP query, i.e.
is the src ip=VIP. So, it can choose the proper OS.

- if the real servers will use many routers for the
outgoing traffic

        So, this is a problem which can't be handled
properly for dynamic configurations. We (the users)
must be ready to isolate so many possible faults:
in the incoming routers, LVS (many LVS?), LAN switch (buy
one more?), many webs (thanks to LVS), outgoing
router(s). So, it depends.

        One thing which can be recommended: if some
of the webs can be configured to switch to LVS mode when
main LVS box is down (someone can configure all web
servers :)) this WEB and LVS have to be on same LAN with
the router, i.e. they must be ARP visible for the incoming
router. In this configuration it is easy the current LVS
box to send Gratuitous ARP reply when it's switched to LVS
mode. It is always preferred to use ARP for such
dynamic configurations. Permanent ARP entries are
useful only for static configurations.


Regards,

Julian Anastasov


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>