
Re: icmp-redirects, hung connection, tcpdump

To: Joseph Mack <mack@xxxxxxxxxxx>
Subject: Re: icmp-redirects, hung connection, tcpdump
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, "Justin M. Mahoney" <justin@xxxxxxxxxxxxxxxxxxxx>, <michael_e_brown@xxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Fri, 12 Jan 2001 21:11:57 +0000 (GMT)
        Hello,

On Fri, 12 Jan 2001, Joseph Mack wrote:

>
> > This is only a masquerading problem.
>
> hmm. You only need to handle redirects for VS-NAT and not for VS-DR and
> VS-Tun?

        Yes, only for VS-NAT the packets from the real servers hit
the forward chain, i.e. the outgoing packets. VS-DR and VS-TUN
receive packets only to LOCAL_IN, i.e. the FORWARD chain, where the
redirect is sent, is skipped. The incoming packets for LVS/NAT use
ip_route_input() for the forwarding, so they can hit the FORWARD chain
too and generate ICMP redirects after the packet is translated.
So, the problem always exists for LVS/NAT, for packets in both
directions because after the packets are translated we always use
ip_forward to send the packets to both ends.

        I'm not sure but maybe the old LVS versions used
ip_route_input() to forward the DR traffic to the real servers.
But this was not true for the TUN method. This call to ip_route_input()
can generate ICMP redirects and maybe you are right that for the
old LVS versions this is a problem for DR. Looking in the Changelog
it seems this change occurred in LVS version 0.9.4, near Linux 2.2.13.
So, in the HOWTO there is something that is true: there is no ICMP
redirect problem for LVS/DR starting from Linux 2.2.13 :) But the
problem remains for LVS/NAT even in the latest kernel. But this
change in LVS is not created to solve the ICMP redirect problem. Yes,
the problem is solved for DR but the goal was to speed up the forwarding
for the DR method by skipping the forward chain. When the forward
for the DR method by skipping the forward chain. When the forward
chain is skipped the ICMP redirect is not sent.

> Joe
>
> --
> Joseph Mack mack@xxxxxxxxxxx


Regards

--
Julian Anastasov <ja@xxxxxx>
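
Added example, not part of the message above or of the LVS code: a small decoder that recognises an ICMP redirect (type 5) in a raw IPv4 packet, such as one captured on an LVS/NAT director or real server, and reports the advertised gateway and the flow it refers to. The function names are hypothetical and the sample packets and 192.0.2.x addresses are constructed.

```python
import ipaddress
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS+network", 3: "TOS+host"}

def _addr(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def parse_icmp_redirect(packet: bytes):
    """Return details of an ICMP redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # outer header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:   # protocol 1 = ICMP
        return None
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type != 5:                            # type 5 = Redirect (RFC 792)
        return None
    inner = packet[ihl + 8:]                      # header of the packet that triggered it
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    return {
        "sender": _addr(packet[12:16]),           # router that took the forwarding path
        "target": _addr(packet[16:20]),           # host being told to change its route
        "code": REDIRECT_CODES.get(code, f"unknown({code})"),
        "new_gateway": _addr(packet[ihl + 4:ihl + 8]),
        "flow_src": _addr(inner[12:16]),
        "flow_dst": _addr(inner[16:20]),
    }

def _ipv4(src, dst, proto, payload):
    # Constructed header; checksum left 0 because the decoder does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

# Constructed sample: director 192.0.2.1 redirects real server 192.0.2.10
# for its reply packet towards client 192.0.2.50 (TCP 80 -> 40000).
_INNER = _ipv4("192.0.2.10", "192.0.2.50", 6, struct.pack("!HHI", 80, 40000, 1))
SAMPLE_REDIRECT = _ipv4("192.0.2.1", "192.0.2.10", 1,
                        struct.pack("!BBH4s", 5, 1, 0,
                                    ipaddress.IPv4Address("192.0.2.50").packed) + _INNER)
# Constructed sample: an ordinary echo request, which must not be reported.
SAMPLE_ECHO = _ipv4("192.0.2.50", "192.0.2.1", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    print(parse_icmp_redirect(SAMPLE_REDIRECT))
```
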


