lvs-users
|
|
lvs-users
|
| To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: LVS-DR, Cisco switch, and ARPtables |
| Cc: | gibonsr@xxxxxxxxxxxxxxxxxxxxxx |
| Cc: | rippeld@xxxxxxxxxxxxxxxxxxxxxx |
| Cc: | farrellr@xxxxxxxxxxxxxxxxxxxxxx |
| From: | Brett Simpson <simpsonb@xxxxxxxxxxxxxxxxxxxxxx> |
| Date: | Thu, 2 Dec 2004 07:25:48 -0500 |
On Wednesday 01 December 2004 20:22, Con Tassios wrote:
> I've used the following arptables configuration on RHEL v.3 real servers in
> a LVS-DR configuration to handle the ARP problem and allow hosts on the
> same subnet to connect to the VIP.
>
> arptables -F
> arptables -A IN -d $VIP -j DROP
> arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
> service arptables_jf save
> chkconfig arptables_jf on
I see you have your arptables OUT entry different than mine. I went ahead and
changed mine to match yours on both Real Servers. I'm assuming the $RIP is
the IP local to the server?
This worked on all of my subnets until a couple hours later. At that time I
could only ping 172.27.21.210 from a client on the 172.27.21.x subnet. Any
other subnet wouldn't ping ok until I removed, re-added, and sent a
Gratuitous arp for 172.27.21.210 on my LVS Director.
Configuration details:
172.27.21.210 - LVS Director IP on Proxy1
172.27.21.211 - Proxy1
172.27.21.212 - Proxy2
[root@proxy1 root]# arptables -L -n
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw
destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.27.21.210 00/00 00/00
any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw
destination-hw hlen op hrd pro
mangle 172.27.21.210 0.0.0.0/0 00/00 00/00
any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.27.21.211
[root@proxy2 root]# arptables -L -n
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw
destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.27.21.210 00/00 00/00
any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw
destination-hw hlen op hrd pro
mangle 172.27.21.210 0.0.0.0/0 00/00 00/00
any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.27.21.212
[root@proxy1 root]# ipvsadm -L -n
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.27.21.210:0 dh persistent 3600
-> 172.27.21.212:0 Route 1 0 0
-> 172.27.21.211:0 Local 1 0 0
[root@proxy2 root]# ipvsadm -L -n
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.27.21.210:0 dh persistent 3600
-> 172.27.21.212:0 Local 1 0 1
-> 172.27.21.211:0 Route 1 0 0
Brett
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | strange "NOT HIT" messages sometimes, Jakub Suchy |
|---|---|
| Next by Date: | Re: strange "NOT HIT" messages sometimes, Jakub Suchy |
| Previous by Thread: | Re: LVS-DR, Cisco switch, and ARPtables, Con Tassios |
| Next by Thread: | Re: LVS-DR, Cisco switch, and ARPtables, Joseph Mack |
| Indexes: | [Date] [Thread] [Top] [All Lists] |