On Wed, 12 Jan 2000, Joseph Mack wrote:
> On Tue, 11 Jan 2000, Ray Bellis wrote:
>
> > On Mon, 10 Jan 2000, Joseph Mack wrote:
> >
> > > What does "pretend" mean?
> >
> > I mean that the VIP is assigned from the same subnet as the RIPs but isn't
> > physically present on the LAN segment, only in the loopback interfaces of
> > every box (including the directors).
>
> So all machines have the VIP on lo (lo:0)? Why do you say that this IP
> isn't present on the LAN?

Because physically it isn't. Actually, I've gone back over our
configuration and realised that a little of what I've posted was what we
were trying to do with LVS-DR, rather than what we actually did with
LVS-NAT.

In fact, each real-server has a RIP, and a masqueraded IP assigned from
192.168.x.x. The directors have the VIP loopback alias configured *but*
in our configuration that VIP is assigned from the same subnet as the
RIPs. The directors receive inbound traffic because they are the
designated routers for the RIP subnet. The director then sees that the
destination address is the VIP and starts masquerading the connection.

In most other configurations it seems that the VIP is assigned from the
external interface's subnet, but then you have to do ARP spoofing and
monitoring if you want to provide director redundancy, because, as you
know, you can't have two boxes with the same IP address on an ARP-ing
interface.

In our configuration that isn't necessary, routing protocols are used to
make sure that packets destined for the LVS arrive at the directors.

In fact, we neatly avoid the ARP problem (even though technically our VIPs
are on an ARP-ing interface) because the rest of the boxes on my external
network know because of routing protocols that to reach the VIP they
should ARP not the VIP itself but the real IP address of the currently
preferred director. [NB: IP systems only send ARP requests for systems
on their local subnet(s)]

> so director failover is automatic?

Yes.

> How do you set up and run the router with the same IP attached twice?

It's not one router, it's two separate routers, each of which has the VIP
attached once.

> How does the router detect director failure?

The router *is* the director. Director failure is the same as router
failure.

Ray.
--
Ray Bellis, MA(Oxon) - Technical Director - community internet plc
Windsor House, 12 High Street, Kidlington, Oxford, OX5 2PJ
tel: +44 1865 856000 email: ray.bellis@xxxxxxxxxxxxxxxx
fax: +44 1865 856001 web: http://www.community.net.uk/
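
The next-hop behaviour described in the message above, as an added example that is not part of the original post: a host ARPs for the destination only when it is on-link, otherwise for the next hop of the best live route. All addresses, metrics and the `arp_target` helper are constructed for illustration; withdrawn routes stand in for whatever routing protocol is in use.

```python
import ipaddress

# Constructed addressing (documentation ranges), not taken from the post.
EXTERNAL_NET = "192.0.2.0/24"   # segment shared by external hosts and both directors
VIP = "198.51.100.10"           # assigned from the RIP subnet, not the external one
ROUTES = [
    # Both directors advertise the RIP subnet; the lower metric is preferred.
    {"prefix": "198.51.100.0/24", "next_hop": "192.0.2.1", "metric": 10},  # director A
    {"prefix": "198.51.100.0/24", "next_hop": "192.0.2.2", "metric": 20},  # director B
]


def arp_target(dst, connected, routes, withdrawn=()):
    """Return the IP an external host would ARP for to deliver a packet to dst.

    connected: subnets the host is directly attached to.
    withdrawn: next hops whose routes the routing protocol has removed
               (models a failed director).
    Returns None when no live route covers dst.
    """
    dst_ip = ipaddress.ip_address(dst)

    # On-link destination: the host ARPs for the destination address itself.
    # This is the case that forces ARP spoofing when two directors share a VIP.
    for net in connected:
        if dst_ip in ipaddress.ip_network(net):
            return str(dst_ip)

    # Off-link destination: longest prefix first, then lowest metric,
    # and the host ARPs for that route's next hop instead.
    live = [
        r for r in routes
        if r["next_hop"] not in withdrawn
        and dst_ip in ipaddress.ip_network(r["prefix"])
    ]
    if not live:
        return None
    best = min(
        live,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, r["metric"]),
    )
    return best["next_hop"]


if __name__ == "__main__":
    print("normal:      ", arp_target(VIP, [EXTERNAL_NET], ROUTES))
    print("A withdrawn: ", arp_target(VIP, [EXTERNAL_NET], ROUTES, withdrawn=("192.0.2.1",)))
    print("VIP on-link: ", arp_target("192.0.2.100", [EXTERNAL_NET], ROUTES))
```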