On Mon, Oct 30, 2000 at 10:37:21PM +0000, Julian Anastasov wrote:
> Hello,
>
> On Mon, 30 Oct 2000, Ard van Breemen wrote:
>
> > Hi,
> > In many of the howto-s, and other such documents, people are constantly
> > referring to the arp-problem.
> >
> > I'm currently setting up a load balanced direct-routing scheme where
> > each real-web-server can act as the load-balancer. Meaning: with 20
> > web-servers (okay, only 4 around here), not only 19 webservers can die,
> > but also 19 load balancers :).
> > But in the current setup I did not find anything resembling the
> > arp-problem.
>
> Read the docs again!
>
> The "ARP problem" has two parts:
>
> 1. The real servers must not answer for shared addresses (VIP)
>
> No ARP requests - no problem.
Correct. Prevent arp-requests by not having the vip in the same logical
net (although physically is not a problem).
> 2. The real servers must send ARP requests with unique source address
>
> These requests are usually for the director or the local
> clients:
>
> real server to all: who-has ROUTER/CLIENT tell VIP
>
> If you have static ARP entry for the default gateway and the
> local clients in all real servers, you solve the 2nd problem. This
> problem occurs usually with Linux 2.2+ real servers.
>
> I'm not sure whether you solve problem #2, you don't mention
> how you avoid using ARP requests from the real servers.
>
This is the setup:
eth0: rs ip in a real server net.
eth0:x vip in a vip net. For the vip net, no routers exist, but for
the real server net the router exists. So, I guess linux would not
be a pain and do arps with an IP that is not on the same logical
net (hey, physically they are, but who cares...).
So: By splitting the net into a realserver net and a vip net, all
problems are solved. The router can only get to the vip net through
the director. But, hey, these realservers see that their routing back
is on one of their interfaces, so they route back directly. All
real servers and the director share the vip-net and the real-server
net.
>
> Possible with ARP problem too.
>
Even if a realserver arp's the router, the routing to the vip will
go through the director by means of gatewaying (Although arp replies
will be replied on the same physical net to the requesting mac).
So we are not setting up static arp entries, we are setting up static
ip routing for the vip-net through the director, whatever machine that
may be. (the director ip can be any of the machines by aliasing the
dip, and sending unsolicited arps... Kinda like heartbeat seems to
work :) ).
Maybe that is what I need to make clear: we are splitting the network
into the realserver-net, which is just reachable by anyone, and the
virtualserver-net, which is only reachable through the director.
One thing though: if I was working on a hub, and decided to tcpdump
the traffic (i.e.: promisc the interface), then yes, I would be in big
problems :)... But putting it on a hub is not something I intend to
do... My setup clearly states the need for a switch, and access to the
routing table of the router (which can be done using some routing
protocol if cli access seems to be a problem).
--
Ard van Breemen, T(elegraaf)E(lektronische)M(edia)
http://www.faqs.org/rfcs/rfc1855.html
**THIS E-MAIL MESSAGE IS VIRUS FREE BY COMPLYING TO THE ASCII STANDARD**
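
The routing split described in the message above can be checked as a small routing-table model. This is an added example, not code from the thread: every address is constructed from documentation ranges, and the model covers only next-hop selection (who gets ARPed for), not which source address a kernel puts into its own ARP requests.

```python
import ipaddress as ip

ON_LINK = "on-link"  # marker: destination is directly connected, host ARPs for it

# Constructed addressing plan (documentation ranges, not from the thread).
RS_NET = ip.ip_network("192.0.2.0/24")       # real-server net, the router lives here
VIP_NET = ip.ip_network("198.51.100.0/24")   # vip net, no router address in it
DEFAULT = ip.ip_network("0.0.0.0/0")
ROUTER, DIP = ip.ip_address("192.0.2.1"), ip.ip_address("192.0.2.10")
VIP, CLIENT = ip.ip_address("198.51.100.80"), ip.ip_address("203.0.113.7")

def arp_target(table, dst):
    """Longest-prefix match; return the address this host must ARP for to reach dst."""
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop == ON_LINK else hop

def vip_arp_exposed(router_table, vip):
    """True if the router would ARP for the VIP itself, so any host holding it may answer."""
    return arp_target(router_table, vip) == vip

# Split plan from the message: the router reaches the vip net only via the director.
router_split = [(RS_NET, ON_LINK), (VIP_NET, DIP)]
# Real server: both nets on eth0 / eth0:x, default route straight to the router.
real_server = [(RS_NET, ON_LINK), (VIP_NET, ON_LINK), (DEFAULT, ROUTER)]
# Contrast case: the VIP is taken from the real-server net, so the router sees it on-link.
VIP_SAME_NET = ip.ip_address("192.0.2.80")
router_flat = [(RS_NET, ON_LINK)]

if __name__ == "__main__":
    print("router -> VIP (split): ARP for", arp_target(router_split, VIP))
    print("router -> VIP (flat):  ARP for", arp_target(router_flat, VIP_SAME_NET))
    print("real server -> client: ARP for", arp_target(real_server, CLIENT))
    print("VIP exposed to ARP, split plan:", vip_arp_exposed(router_split, VIP))
    print("VIP exposed to ARP, flat plan: ", vip_arp_exposed(router_flat, VIP_SAME_NET))
```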