
Re: transparent bridging ?

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: transparent bridging ?
Cc: Joseph Mack <mack.joseph@xxxxxxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx, "John P. Looney" <john@xxxxxxxxxxxxx>
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Mon, 22 Apr 2002 11:26:05 -0400
Julian Anastasov wrote:


> layer 2 software under CONFIG_BRIDGE option (the currently discussed
> solution):
> 
> http://bridge.sourceforge.net

thanks

> > Packets passed by earlier implementations of proxy-arp are not seen by
> > iptables and can't be filtered.
> >
> > ->(Does this help for the director?)
> 
>         iptables should see packets when proxy ARP is used. Can
> you explain what you mean?

in 

http://www.tldp.org/HOWTO/Adv-Routing-HOWTO-16.html#ss16.1

it says that iptables doesn't see bridged packets.

My original idea was to send packets from the realservers in LVS-DR through
a bridging director, to solve the martian problem. The reply I got was that
the director would still see these packets as martians. Presumably the
upper layers are looking at the IP addresses.


> > The difference between bridging with Linux and bridging with dedicated
> > layer-2 hardware is that Linux acts at the IP and higher layers.
> 
>         With the Linux Bridging, Linux is a fully functional Layer 2 Switch.

will martian packets be bridged?

> 
> > Initially I thought that bridging could be used to send packets through the
> > director to 0/0 from a realserver in LVS-DR, thus solving the
> > <ref id="martian" name="martian problem">. Julian told me that
> > the packets would still be seen by the upper layers and the packets
> > would still be seen as martians.
> 
>         Joe, can you send me reference to this (date?), I remember
> something similar we talked but don't remember the context. It is
> true only for proxy ARP or for Bridging when DIP is used as GW IP,
> see below:

it was a long time ago. I've restated my question above and we can start
again if you like. It looks like new bridging code has arrived since then,
so we have a new situation anyhow.
 
>         With Bridging the real servers can send packets to the
> uplink router through the director's layer 2 bridge. So, yes, the
> packets are handled from director but do not reach routing. The
> trick is that if the packets are destined to the director's MAC (which
> is always true for proxy ARP) then in both solutions the IP
> packet reaches routing. So, the director's IP should not be used
> as gateway. But the director can run Linux Bridging and stay between
> the real server(s) and the client(s)/uplink router. In this case
> the real servers don't know that when talking to the uplink
> router's MAC their packets go through director's layer 2.

so would this solve the martian problem? 

will this solve the problem of the original posting (allowing clients
to access a server, while the server is being built into a working
LVS without breaking service to the clients)?

Joe
-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA

