Hi,
On Fri, 26 Nov 1999, Joseph Mack wrote:
> The setup above (with the added client) is VS-NAT. With VS-NAT there is no
> forwarding in either direction except packets under the control of the
> LVS, so even if the director has only one NIC, it is acting as a firewall.
>
> there is no arp problem here - agreed
>
> When the director has two network cards and the director is in VS-Tun or
> VS-DR ("Lars' method" in the HOWTO, Lars was the first to tell me about
> this, so I named it after him), there is no arp problem either. This
> probably is the most general solution (the price of an extra NIC is small
> compared to all the messing around we have done trying to handle the arp
> problem).
>
> > All other hosts must be on same LAN:
> > LVS and all webs. If there is another host on the LAN which
> > can ARP query about VIP then we have the same problem.
>
> I'm assuming there are no clients on the piece of network you have
> labelled as "LAN"
>
> > ARP replies don't hurt only these hosts which have VIP
> > configured. In fact, LVS and the webs never send ARP
> > queries for the VIP. Even LVS doesn't send ARP query
> > "who-has ROUTER tell VIP" - only the webs can ask
> > "who-has LVS tell VIP" as they use the LVS as default
> > gateway.
>
> I have assumed that the realservers do not ask "who has ROUTER tell VIP"
> - I thought they only asked "who has ROUTER tell realserverIP".
This is an incorrect assumption. If you apply one of the two patches
you will see in the kernel log that real servers send ARP queries with
SIP=VIP (who-has LVS tell VIP).
>
> > But I'm not sure if the LVS will reply
> > to this query as its src IP=VIP. It has to be tested.
>
> The realserver has a packet src=VIP,dest=ClientIP but
> when it asks for a route to ClientIP it does so from
> the realserverIP (I thought). The LVS works fine for
> me if there is no route for the VIP on the realservers.
No. It works because there are no other hosts to ask "who-has VIP
tell HOST". But the real servers always ask "who-has LVS tell VIP", and
maybe the reply is not sent from the LVS, as the VIP is configured in the LVS too.
> > In this configuration it is again not possible for WEB1,
> > for example, to switch to LVS mode when the LVS box is down.
>
> I'm sorry I don't understand this sentence.
Sorry, I'm always talking about the more complex configuration
where any number of the real servers can work as LVS when the host LVS is
down. But the above configuration works, i.e. one LVS box and no other
hosts on the LAN which can ask "who-has VIP tell HOST".
> Do you mean that if a director fails, that a realserver
> takes over the role of director? That's a neat idea.
Yes, it is already a working idea. But the ARP must be patched.
Regards,
Julian Anastasov
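
An added example, not part of the original message or of the LVS patches it mentions: a small classifier for ARP requests seen on the LAN that separates queries sent with SIP=VIP ("who-has LVS tell VIP") from queries by other hosts for the VIP ("who-has VIP tell HOST"). All addresses, MACs and frames are constructed for illustration.

```python
import socket
import struct

# Constructed addresses for illustration (assumptions, not from the thread).
VIP = "192.168.1.110"
DIRECTOR_IP = "192.168.1.1"
REALSERVER_IP = "192.168.1.11"

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # RFC 826 layout for Ethernet/IPv4


def build_arp_request(src_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Build a broadcast ARP request frame (only used to make sample input)."""
    eth = ETH_HDR.pack(b"\xff" * 6, src_mac, 0x0806)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, 1, src_mac, socket.inet_aton(sender_ip),
                       b"\x00" * 6, socket.inet_aton(target_ip))
    return eth + arp


def classify(frame: bytes, vip: str = VIP):
    """Return (label, description) for an ARP request frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None                          # truncated frame
    _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != 0x0806:
        return None                          # not ARP
    htype, ptype, hlen, plen, op, _sha, spa, _tha, tpa = \
        ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, 1):
        return None                          # not an Ethernet/IPv4 request
    sender, target = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
    desc = f"who-has {target} tell {sender}"
    if sender == vip:
        return ("sip-is-vip", desc)          # query sent with SIP=VIP
    if target == vip:
        return ("asks-for-vip", desc)        # another host asking for the VIP
    return ("other", desc)


SAMPLE_FRAMES = [  # constructed sample traffic
    build_arp_request(b"\x02\x00\x00\x00\x00\x11", VIP, DIRECTOR_IP),
    build_arp_request(b"\x02\x00\x00\x00\x00\x11", REALSERVER_IP, DIRECTOR_IP),
    build_arp_request(b"\x02\x00\x00\x00\x00\x99", "192.168.1.50", VIP),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(classify(frame))
```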