LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: duplicate ip due to ip faking

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: duplicate ip due to ip faking
From: Horms <horms@xxxxxxxxxxxx>
Date: Mon, 9 Jul 2001 13:32:32 -0700
On Mon, Jul 09, 2001 at 08:16:47PM +0200, Miri Groentman wrote:
> In ?High Availability?
> (<http://www.linuxvirtualserver.org/HighAvailability.html>) it is mentioned
> that the backup server activates Fake and fakes the server?s ip, and when
> the server (LinuxDirector) is up again, it releases the ip it was faking. My
> question is: Can there be a situation in which both LinuxDirector and the
> backup have the same ip address at a given moment ? (exaples to such a
> situation: A. In case a crucial demon on LinuxDirector is down, but the
> LinuxDirector itself is up and can respond to ARP. In such a case the backup
> might take over, faking LinuxDirector?s ip because of the crucial demon
> that?s down. Both LinuxDirector  and the backup might respond to the an ARP
> with the same ip address. 
> B. In case the LinuxDirector  has recovered after a crash, and it is up
> again, but the backup hasn?t learned about it yet, again, both LinuxDirector
> and the backup have the same ip. What happens to a packet directed at the
> LinuxDirector  arriving at such time? )

This depends on how you do the IP address takeover. If you are using fake
then it will periodically send out gratuitous ARP. This is done more
frequently than the typical expiry time on ARP caches - once per second,
where ARP caches typically expire after several minutes. ARP cache entries
should never expire due to being constantly flushed by gratuitous arp. As
the cache doesn't expire, there should be no reason to issue an arp request
for the "faked" IP address and no chance for a reply from a broken server
that is still able to answer ARP.

-- 
Horms


<Prev in Thread] Current Thread [Next in Thread>