
Re: NAT cluster....

To: "Ted Pavlic" <tpavlic@xxxxxxxxxxx>
Subject: Re: NAT cluster....
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Stephen Rowles <spr@xxxxxxxxxxxxxxx>
Date: Fri, 08 Sep 2000 22:43:43 +0100
At 13:40 08/09/2000 -0400, you wrote:
> After trying to use Direct Routing on an ATM network I discovered that
> because of the ATM it is not possible to have duplicate MAC addresses for a
> single IP. The cluster will be a telnet / compute cluster which will load
> balance telnet, ftp, and SSH traffic.

Hm. That's interesting.

Now are you saying that the ATM doesn't like:

* the director ARPing for those addresses and the real servers sending
responses for them
-- If this is the case, rather than having your director ARP for the
addresses, ROUTE the addresses directly to the director.

* packets destined for each VIP heading toward different real servers at
different times
* packets from the same VIPs coming from different real servers
-- If one of these is the case, have you tried LVS-TUN?

The problem is that when the real-servers reply to a machine that requires a route across the ATM, the packets that are sent claim to be from the VIP (which the director ARPs for and the ATM registers the director MAC as belonging to that IP address) BUT they have different MAC addresses because they come from different real-servers. So there are lots of packets claiming to be from the VIP, all with different MAC addresses :). The ATM won't route these for two reasons (having talked to the manufacturers): 1) to prevent IP spoofing attacks on the network. 2) the MAC address is fundamental to the way that the ATM routing software routes IP packets - it is not possible for it to deliver packets to more than one MAC address for a given IP - doh!

I thought about IP tunnelling (as all the boxes are linux) but the boxes will still reply from the VIP (correct?) and so the problem remains.

The key feature for the solution is that there has to be a 1-1 relationship between MAC addresses and IP addresses.

Cheers for all your comments.
Steve.

----------------------------------------------------------------------------
Going to church doesn't make you a Christian any more than going to a garage
makes you a mechanic.
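
The 1-1 MAC/IP rule described in the message above, modelled as an added example that is not part of the original post or of the LVS code. The VIP, the MAC addresses and the function names are constructed for illustration, and `enforce_binding` is a simplified stand-in for the ATM behaviour as the message describes it. It goes slightly beyond the message by also showing the LVS-NAT return path, where replies leave through the director.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "src_ip src_mac")

# Constructed sample values (not taken from the thread).
VIP = "192.0.2.10"
DIRECTOR_MAC = "02:00:00:00:00:01"
REAL_SERVER_MACS = ["02:00:00:00:00:11", "02:00:00:00:00:12", "02:00:00:00:00:13"]

def reply_frames(mode, connections=6):
    """Frames the network sees for replies to clients, per LVS forwarding mode."""
    frames = []
    for i in range(connections):
        if mode in ("DR", "TUN"):
            # The real server answers the client itself: source IP is the VIP,
            # source MAC is the real server's own interface.
            frames.append(Frame(VIP, REAL_SERVER_MACS[i % len(REAL_SERVER_MACS)]))
        elif mode == "NAT":
            # The reply returns through the director, which rewrites the source
            # to the VIP and sends the frame from its own interface.
            frames.append(Frame(VIP, DIRECTOR_MAC))
        else:
            raise ValueError(f"unknown mode: {mode}")
    return frames

def enforce_binding(frames, learned):
    """Strict one-MAC-per-IP check: a frame passes only if its source MAC
    matches the MAC already registered for its source IP. An IP with no
    registration is bound to the first MAC seen for it."""
    bindings = dict(learned)
    passed, dropped = [], []
    for frame in frames:
        bound = bindings.setdefault(frame.src_ip, frame.src_mac)
        (passed if bound == frame.src_mac else dropped).append(frame)
    return passed, dropped

def summary(mode):
    """(passed, dropped) counts when the director's MAC is registered for the VIP."""
    # The director ARPs for the VIP, so its MAC is the registered one.
    passed, dropped = enforce_binding(reply_frames(mode), {VIP: DIRECTOR_MAC})
    return len(passed), len(dropped)

if __name__ == "__main__":
    for mode in ("DR", "TUN", "NAT"):
        print(mode, "passed/dropped:", summary(mode))
```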


