LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: hidding loopback interface does not work properly

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: hidding loopback interface does not work properly
From: Horms <horms@xxxxxxxxxxxx>
Date: Wed, 29 Oct 2003 19:16:51 +0900
On Wed, Oct 29, 2003 at 04:33:46AM -0500, John Barrett wrote:
> Let me rephrase one statement:
> Having the VIP hidden on the lo interface of a director is failing because
> lo doesnt have a mac
> address, and direct routing works by rewriting mac addresses. (or does it -- 
> could you assign an IP to the lo at startup and use that as a realserver
> address in the LD config ??)

I don't believe that is the problem. LVS-DR does work by
rewriting the MAC address. But it is rewritten to the
MAC address of the real server (which is obtained by
the Linux Director using ARP). So lo not having
a MAC address should not be an issue.

In any case the problem doesn't seem to be with LVS and loadbalancing
requests, but rather with arp replies.

> ----- Original Message ----- 
> From: "John Barrett" <jbarrett@xxxxxx>
> To: "LinuxVirtualServer.org users mailing list."
> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, October 29, 2003 4:20 AM
> Subject: Re: hidding loopback interface does not work properly
> 
> 
> > I'm a relative LVS newbie -- so feel free to shoot me down if I
> > missed something :)
> >
> > Having the VIP on the lo interface is failing because lo doesnt have
> > a mac address, and direct routing works by rewriting mac addresses.
> >
> > If you are using heartbeat+ldirector with HB launching LD, ldirector
> > isnt running on any machine that is not currently handling the VIP.
> > So asking if "ldirector is available" doesnt make a lot of sense --
> > if the machine is up at all (easily determined by opening any known
> > active port on the DIP, such as ssh, or even just ping the DIP),
> > then technically "ldirector is available", but may not be active at
> > the moment if another machine is currently handling the VIP

ldirectord can run on both the active and standby linux director.
Usually this is pretty harmless.

> > What might be more useful is to have each HB+LD system run a local
> > server that identifies the system, perhaps by setting up a private
> > address on lo (192.168.1.1 will do, and you can use the same IP on
> > all the hb+ld machines), then binding the server to that address --
> > configure LD to route a port to that ip using NAT. Since the NAT
> > address is handled locally, each HB+LD system will use its local
> > server to answer requests. Return the hostname as part of the
> > response and you can identify which HB+LD is currently active.

I agree with that. The machine probably has its own address 
anyway so that address could be used.

-- 
Horms
<Prev in Thread] Current Thread [Next in Thread>