Hi,
There are some open questions in the LVS HOWTO. Here are
some answers for the Linux 2.2(.14):
ARP problem, some rules:
- ARP responses
  - all local IP addresses are replied to: lo, eth,
    tunl*, dummy*, but with some exceptions (see the next rules)
  - 127.0.0.0/8 (LOOPBACK) and 224.0.0.0/4 (MULTICAST) are
    not replied to
  - there is one exception for the "lo" interface: it is
    possible for the kernel to ignore the ARP request if the
    source IP is from the same net as the net used to
    configure the "lo" alias. The specified network is treated
    as local.
    For example:
      real# ifconfig lo:0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up
    "real" treats all packets with source addr from
    192.168.0.0/24 which come from the other devices (eth0)
    as invalid, i.e. source address validation works in
    this case and the ARP requests are not replied to. The kernel
    thinks: "The incoming packet arrived with
    saddr=local_IP1 and daddr=local_IP2(VIP), so it is invalid".
    This way the host from the LAN can't talk to the
    real server if its lo alias is configured with
    netmask != 255.255.255.255
ARP requests:
  - all local addresses can be used by the kernel to
    announce them as the source for the ARP request. They
    are extracted from the outgoing packet. We tell the kernel
    that these addresses are not unique by setting
    <interface>/hidden=1 (2.2.14). This way the kernel
    selects the device's primary IP as the source of the ARP
    request. We expect it is unique in the LAN.
So, the recommendation for using the "lo" interface in the real
servers is:
- use netmask 255.255.255.255 when configuring the lo alias. This
  way source validation doesn't drop the incoming packets to
  this IP. LVS users usually define the net route through the eth
  interface, so we can talk to other hosts from this network,
  for example to send the packets to the client through the
  default gateway. It is not needed to configure the alias with
  mask != 255.255.255.255
So, the interfaces which can be used in the real servers to
listen for VIP are:
- lo aliases with netmask 255.255.255.255
- tunl*
- dummy*
All these devices must be marked as hidden to solve the ARP
problem when using Linux 2.2.
In the Director: there is no problem configuring the VIP
even on a lo alias or dummy interface. If the interface is
not marked as hidden, this VIP is visible to all hosts on
the LAN. Is it useful to configure the VIP not on an eth device?
Regards,
Julian Anastasov
----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
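
The ARP-response rules from the message above, modelled as an added shell example that is not part of the original e-mail or of the kernel/LVS code. The function names are hypothetical, the addresses reuse the message's 192.168.0.0/24 sample plus constructed values, and the effect of the hidden flag is not modelled.

```sh
#!/bin/sh
# Added example: a model of the Linux 2.2 ARP-reply rules listed in the
# message. All names are illustrative; addresses are sample values.

# Dotted-quad IPv4 address -> integer (subshell body keeps IFS local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# in_net IP NET MASK: succeeds when IP lies inside NET/MASK.
in_net() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & $m )) -eq $(( $(ip2int "$2") & $m )) ]
}

# arp_verdict TARGET SRC LO_IP LO_MASK
#   TARGET  local address asked for by an ARP request arriving on eth0
#   SRC     source IP of that request
#   LO_IP / LO_MASK  address and netmask used to configure the lo alias
arp_verdict() {
    if in_net "$1" 127.0.0.0 255.0.0.0 || in_net "$1" 224.0.0.0 240.0.0.0; then
        echo "not replied: loopback or multicast target"
    elif in_net "$2" "$3" "$4"; then
        # Source validation: the lo alias network is treated as local,
        # so a packet from it arriving on another device is invalid.
        echo "not replied: source is inside the lo alias network"
    else
        echo "replied"
    fi
}

# lo:0 configured with netmask 255.255.255.0 (the case in the message):
# a LAN host in 192.168.0.0/24 is rejected by source validation.
arp_verdict 192.168.0.1 192.168.0.7 192.168.0.1 255.255.255.0

# lo:0 configured with netmask 255.255.255.255 (the recommendation):
# source validation no longer rejects the same LAN host.
arp_verdict 192.168.0.1 192.168.0.7 192.168.0.1 255.255.255.255
```
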