I may be missing something here, but I've never really understood why
everyone has so many problems with ARP and LVS.

We're currently only using LVS in testing in our lab. We're using tunnel
mode, not DR, but they're fairly similar. We can definitely get ARP
problems in our setup if we misconfigure things.

The big trick to doing things right is to use the 'iproute' program
(/sbin/ip, usually) instead of ifconfig or any of RedHat's network config
tools. Here's how we bring up a tunnel:

    /sbin/ip tunnel add tunnel-lvs1 mode ipip local $ME remote $LVS1 dev eth0
    /sbin/ip link set tunnel-lvs1 up
    /sbin/ip addr add $VIP/32 brd + dev tunnel-lvs1 scope link

The important bit is the 'scope link' on the last line. That keeps the
kernel from arping on the wrong interface. This works on stock 2.4.3 and
2.4.5-ac8; I doubt that it's actually changed since 2.2, but all of our test
boxes currently run 2.4.x, so I haven't tested it.

In the lab, we have a pair of LVS boxes using heartbeat and ldirectord, so
we end up creating two sets of tunnels using this template; one is
tunnel-lvs1 and the other is tunnel-lvs2. It seems to work perfectly.

Scott

On Fri, 6 Jul 2001, Jerry Glomph Black wrote:
>
> The ipchains/iptables REDIRECT method (introduced to this list by Mr Horms
> a long time ago) works fine, we've used it in production in the past.
>
> However, at -very- high packet loads it is far less CPU-efficient than
> getting the ARP settings correctly working. The REDIRECT method was bogging
> down our LVS boxes during peak traffic, something which does not happen with
> doing it the 'right way' with LVS-DR and silent arp-less interfaces on the
> real servers.
>
> Jerry Glomph Black
> International Man of Mystery
> RealNetworks
>
> On Fri, 6 Jul 2001, Noah Roberts wrote:
>
> > Alison Smith wrote:
> >
> > > /proc/sys/net/ipv4/conf/all/hidden is set to 1 for the real-servers and 0
> > > for the director.
> >
> > I don't know about the hidden thing you're doing, but the ipchains (or
> > iptables now) trick works great. Just send the real server the stuff for
> > the VIP and make it redirect it. No arp problem because only the director
> > actually responds to the VIP.
> >
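
An added example, not part of the original thread: a shell check for the tunnel setup described in the message at the top, which reads `ip -o -4 addr show` output and flags any interface that carries the VIP with a scope other than link. The function name, the VIP 192.0.2.10 and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# vip_scope_audit VIP: reads `ip -o -4 addr show` output on stdin and prints
# "<ifname> <scope> OK|BAD" for every interface that carries VIP.
# Exit status: 0 = VIP present and always 'scope link',
#              1 = VIP present with some other scope,
#              2 = VIP not configured on any interface.
vip_scope_audit() {
    awk -v vip="$1" '
        {
            addr = ""; scope = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "inet")  addr  = $(i + 1)
                if ($i == "scope") scope = $(i + 1)
            }
            sub(/\/.*/, "", addr)      # drop the /prefix length
            if (addr != vip) next
            seen = 1
            if (scope == "link") print $2, scope, "OK"
            else { print $2, scope, "BAD"; bad = 1 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: both tunnels hold the VIP with scope link.
sample_good() {
    cat <<'EOF'
2: eth0    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0\       valid_lft forever preferred_lft forever
4: tunnel-lvs1    inet 192.0.2.10/32 brd 192.0.2.10 scope link tunnel-lvs1\       valid_lft forever preferred_lft forever
5: tunnel-lvs2    inet 192.0.2.10/32 brd 192.0.2.10 scope link tunnel-lvs2\       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample: tunnel-lvs2 was added without 'scope link'.
sample_bad() {
    cat <<'EOF'
2: eth0    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth0\       valid_lft forever preferred_lft forever
4: tunnel-lvs1    inet 192.0.2.10/32 brd 192.0.2.10 scope link tunnel-lvs1\       valid_lft forever preferred_lft forever
5: tunnel-lvs2    inet 192.0.2.10/32 brd 192.0.2.10 scope global tunnel-lvs2\       valid_lft forever preferred_lft forever
EOF
}

# Demonstration on the constructed data; on a real server use:
#   /sbin/ip -o -4 addr show | vip_scope_audit "$VIP"
sample_bad | vip_scope_audit 192.0.2.10 || echo "VIP is configured with a non-link scope"
```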