Julian Anastasov wrote:
> layer 2 software under CONFIG_BRIDGE option (the currently discussed
> solution):
>
> http://bridge.sourceforge.net
Thanks.
> > Packets passed by earlier implementations of proxy-arp are not seen by
> > iptables and
> > can't be filtered.
> >
> > ->(Does this help for the director?)
>
> iptables should see packets when proxy ARP is used. Can
> you explain what you mean?
In
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO-16.html#ss16.1
it says that iptables doesn't see bridged packets.
My original idea was to send packets from the realservers in LVS-DR through
a bridging director, to solve the martian problem. The reply I got was that
the director would still see these packets as martians. Presumably the
upper layers are looking at the IP addresses.
> > The difference between bridging with Linux and bridging with dedicated
> > layer-2
> > hardware is that Linux acts at the IP and higher layers.
>
> With the Linux Bridging Linux is fully functional Layer 2 Switch.
Will martian packets be bridged?
>
> > Initially I thought that bridging could be used to send packets through the
> > director to 0/0 from a realserver in LVS-DR, thus solving the
> > <ref id="martian" name="martian problem">. Julian told me that
> > the packets would still be seen by the upper layers and the packets
> > would still be seen as martians.
>
> Joe, can you send me reference to this (date?), I remember
> something similar we talked but don't remember the context. It is
> true only for proxy ARP or for Bridging when DIP is used as GW IP,
> see below:
It was a long time ago. I've restated my question above and we can start
again if you like. It looks like new bridging code has arrived since then,
so we have a new situation anyhow.
> With Bridging the real servers can send packets to the
> uplink router through the director's layer 2 bridge. So, yes, the
> packets are handled from director but do not reach routing. The
> trick is that if the packets are destined to the director's MAC (which
> is always true for proxy ARP) then in both solutions the IP
> packet reaches routing. So, the director's IP should not be used
> as gateway. But director can run Linux Bridging and to stay between
> the real server(s) and the client(s)/uplink router. In this case
> the real servers don't know that when talking to the uplink
> router's MAC their packets go through director's layer 2.
So would this solve the martian problem?
Will this solve the problem of the original posting (allowing clients
to access a server, while the server is being built into a working
LVS without breaking service to the clients)?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA