Dan wrote:
>
> Okay. If I don't have an ip on eth0 that's in the same network as the default
> gw, how does the real server ever get the arp response from the gw?
there are two IPs on the realserver, VIP, RIP. You don't want the VIP
replying to arp requests. The RIP can reply to arp requests, but there
should be no packets being sent from the GW to the RIP and in a secure setup,
you will not have a route to the RIP from the GW.
> This is what I did:
>
> ------------
> | client |
> ------------
> |
> --------
> | GW |
> --------
> | x.y.z.1
> | ------------eth1
> |-----------| director |--------
> | eth0------------ |
> | |
> | -------------- |
> --------------| realserver |----
> eth0--------------eth1
>
> === On director ===
>
> eth0 - x.y.z.1 netmask 255.255.255.0
> eth0:0 - VIP netmask 255.255.255.0 (arps)
> eth1 - 192.168.0.1 netmask 255.255.255.0
>
> === on realserver ===
>
> dummy0 - VIP netmask 255.255.255.255 (no arp)
> eth0 - 0 (no ip)
> eth1 - 192.168.0.2 netmask 255.255.255.0
>
> I then added the routes and the arp entry:
>
> route add -net x.y.z.0 netmask 255.255.255.0 dev eth0
> route add default gw x.y.z.1 dev eth0
> arp -s x.y.z.1 MAC_OF_GW
in a normal setup you don't need the arp command. Did you
need this because there is no IP on eth0?
> This actually works, but the last bit about adding the routing and the arp
> entry
> manually seems kind of hackish. Is this ok to do?
I spose so. If you aren't going to have an IP on eth0, you're going to have
to handle some stuff by hand.
Ted Pavlic posted some stuff about using 0 as an IP
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#route_on_non_ip_interface
does any of his stuff relate to what you're doing?
why don't you want an IP on the realserver?
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|