Re: Fwd: hidden patch (noarp) - really need?

[Wensong Zhang <wensong@xxxxxxxxxxxx>]

Hello,

For the LVS/DR or LVS/TUN cluster using the following network topology, 
i.e. routers for incoming packets and outgoing packets are different, you 
don't need apply the hidden patch on real servers.

        Incoming Traffic

        |
        Router
        |
    -------------------------------------
        |       |
        LB1     LB2
        |       |
    ------------------------------------- Internal netowrk
        |       |       |       |
        RS1     RS2     RS3     RS4
        |       |       |       |
    -------------------------------------
        |       |
        Router  Router
        |       |

        Outgoing Traffic


However, for the LVS/DR or LVS/TUN cluster using the following network, 
you do need to make sure that real servers do not do ARP response for VIP.

        Incoming Traffic

        | 
        Router
        |
    -------------------------------------
        |       |       |       |       |
        LB1     LB2     RS1     RS2     RS3
        |       |       |       |       |
    ------------------------------------- Internal netowrk

Regards,

Wensong


On Wed, 9 Oct 2002, Andrey Nekrasov wrote:

> 
> Hello.
> 
> I am try use kernel (almost casually) with out "hidden patch".
> I was surprised - but real-server - normally works!
> 
> Now hidden-patch really it is not necessary?
> 
> 
> Kernel:
> ftp://ftp.suse.com:/pub/people/mantel/next/linux-2.4.19.SuSE-25.tar.bz2
> 
> 1.
> 
> # echo 1 > /proc/sys/net/ipv4/conf/dummy0/hidden
> bash: /proc/sys/net/ipv4/conf/dummy0/hidden: No such file or directory
> 
> diamond:/var/log # echo 1 > /proc/sys/net/ipv4/conf/all/hidden
> bash: /proc/sys/net/ipv4/conf/all/hidden: No such file or directory
> 
> 
> 
> 2. IPVS config:
> 
> # ipvsadm -L -n
> IP Virtual Server version 1.0.5 (size=32768)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  192.168.15.68:80 wlc persistent 300
>   -> 192.168.0.41:80              Tunnel  1      52         1487      
>   -> 192.168.0.42:80              Tunnel  1      69         651       
> TCP  192.168.15.68:443 wlc persistent 300
>   -> 192.168.0.41:443             Tunnel  1      0          0         
>   -> 192.168.0.42:443             Tunnel  1      0          0         
> TCP  192.168.15.70:443 wlc persistent 300
>   -> 192.168.0.41:443             Tunnel  1      1          1         
>   -> 192.168.0.42:443             Tunnel  1      1          5         
> #
> 
> 
> 3. REAL server config:
> 
> #cat real-server.sh
> #!/bin/sh
>       echo 1 > /proc/sys/net/ipv4/ip_forward
>       ifconfig tunl0 0.0.0.0 up
>       ifconfig dummy0 0.0.0.0 up
>       echo 1 > /proc/sys/net/ipv4/conf/all/hidden
>       echo 1 > /proc/sys/net/ipv4/conf/dummy0/hidden
>       ifconfig dummy0:0 192.168.15.68 up
>       ifconfig dummy0:1 192.168.15.70 up
> 
> 
> # ifconfig 
> dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
> 
> dummy0:0  Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           inet addr:192.168.15.68  Bcast:192.168.15.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> 
> dummy0:1  Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
>           inet addr:192.168.15.70  Bcast:192.168.15.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> 
> 
>