LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: arp problems

To: Scott Laird <laird@xxxxxxxxxxxx>
Subject: Re: arp problems
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Fri, 6 Jul 2001 21:41:53 +0300 (EEST)
        Hello,

On Fri, 6 Jul 2001, Scott Laird wrote:

> I may be missing something here, but I've never really understood why
> everyone has so many problems with ARP and LVS.

        You are happy man :)

> We're currently only using LVS in testing in our lab.  We're using tunnel
> mode, not DR, but they're fairly similar.  We can definately get ARP
> problems in our setup if we misconfigure things.
>
> The big trick to doing things right is to use the 'iproute' program
> (/sbin/ip, usually) instead of ifconfig or any of RedHat's network config
> tools.  Here's how we bring up a tunnel:
>
>  /sbin/ip tunnel add tunnel-lvs1 mode ipip local $ME remote $LVS1 dev eth0
>  /sbin/ip link set tunnel-lvs1 up
>  /sbin/ip addr add $VIP/32 brd + dev tunnel-lvs1 scope link

        even scope host does not help :)))

> The important bit is the 'scope link' on the last line.  That keeps the
> kernel from arping on the wrong interface.  This works on stock 2.4.3 and

        To sleep better check this:

1. Stop your VIP in the director (the VIPs remain only on the RSs)

2. Check for VIP from client or from the uplink gateway that feeds LVS:

arp -d VIP ; ping VIP

What is the ping status? Of course, check the source MAC of the ping
replies. There are setups that the RSs will not reply but in most of
the cases they reply.

        If this works for you don't be very happy. The ARP problem
contains two parts. The 1st was to ignore the remote ARP probes.
The second is not to announce the VIP as source in the ARP probes
from the real servers when resolving the nexthop for the out traffic.
When the in and out router are same box bad things happen. Of course,
in test setups sometimes the ARP table entry change is not noticed from
the users, the uplink routers sends the traffic to one real server
directly, not to the LVS box. The service still works (served from
one real server). The real server with its ARP probes changes the entry
for VIP in the remote hosts (the nexthops for the traffic with src=VIP).

> 2.4.5-ac8; I doubt that it's actually changed since 2.2, but all of test
> boxes currently run 2.4.x, so I haven't tested it.
>
> In the lab, we have a pair of LVS boxes using heartbeat and ldirectord, so
> we end up creating two sets of tunnels using this template; one is
> tunnel-lvs1 and the other is tunnel-lvs2.  It seems to work perfectly.
>
>
> Scott


Regards

--
Julian Anastasov <ja@xxxxxx>



<Prev in Thread] Current Thread [Next in Thread>