I tried the noarp module but it won't compile on my RHEL ES 3 servers. Besides,
ArpTables comes with RHEL ES 3.
Thanks,
Brett
linux@xxxxxxxxxx 12/2/2004 2:17:36 PM >>>
Why don't you use the noarp in direct servers?
----- Original Message -----
From: "Brett Simpson" <Simpsonb@xxxxxxxxxxxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, December 02, 2004 3:22 PM
Subject: Re: LVS-DR, Cisco switch, and ARPtables
Or can my director do LVS Localnode and Direct route?
simpsonb@xxxxxxxxxxxxxxxxxxxxxx 12/2/2004 7:25:48 AM >>>
On Wednesday 01 December 2004 20:22, Con Tassios wrote:
I've used the following arptables configuration on RHEL v.3 real servers
in a LVS-DR configuration to handle the ARP problem and allow hosts on the
same subnet to connect to the VIP.
arptables -F
arptables -A IN -d $VIP -j DROP
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
service arptables_jf save
chkconfig arptables_jf on
I see you have your arptables OUT entry different than mine. I went ahead
and changed mine to match yours on both Real Servers. I'm assuming the $RIP
is the IP local to the server?
This worked on all of my subnets until a couple hours later. At that time I
could only ping 172.27.21.210 from a client on the 172.27.21.x subnet. Any
other subnet wouldn't ping ok until I removed, re-added, and sent a
Gratuitous arp for 172.27.21.210 on my LVS Director.
Configuration details:
172.27.21.210 - LVS Director IP on Proxy1
172.27.21.211 - Proxy1
172.27.21.212 - Proxy2
[root@proxy1 root]# arptables -L -n
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.27.21.210 00/00 00/00 any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.27.21.210 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.27.21.211
[root@proxy2 root]# arptables -L -n
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.27.21.210 00/00 00/00 any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.27.21.210 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.27.21.212
[root@proxy1 root]# ipvsadm -L -n
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.27.21.210:0 dh persistent 3600
-> 172.27.21.212:0 Route 1 0 0
-> 172.27.21.211:0 Local 1 0 0
[root@proxy2 root]# ipvsadm -L -n
IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.27.21.210:0 dh persistent 3600
-> 172.27.21.212:0 Local 1 0 1
-> 172.27.21.211:0 Route 1 0 0
Brett
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
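
Added example, not part of the thread or of any poster's configuration: a POSIX shell check that reads `arptables -L -n` output in the format shown above and reports whether a host's ARP rules fit its LVS-DR role. The function names, role names and result strings are made up for this example, the sample listing is constructed from the addresses in the thread, and the director branch rests on the general LVS-DR assumption that the director is the one host that has to answer ARP for the VIP.

```shell
#!/bin/sh
# Added example: audit `arptables -L -n` output against a host's LVS-DR role.
# Usage: arptables -L -n | classify_arp_rules ROLE VIP
# ROLE is "realserver" or "director" (names chosen for this example).
classify_arp_rules() {
    awk -v role="$1" -v vip="$2" '
        $1 == "Chain"  { chain = $2; next }   # remember which chain we are in
        $1 == "target" { next }               # skip the column header
        # IN rule that drops ARP requests asking for the VIP
        chain == "IN" && $1 == "DROP" && $3 == vip { in_drop = 1 }
        # OUT rule that rewrites the VIP as ARP source; pick up the new source
        chain == "OUT" && $1 == "mangle" && $2 == vip {
            for (i = 3; i < NF; i++)
                if ($i == "--mangle-ip-s") rip = $(i + 1)
        }
        END {
            # Assumption: the director must answer ARP for the VIP.
            if (role == "director")
                print (in_drop ? "director-drops-vip-arp" : "ok")
            else if (!in_drop)
                print "realserver-answers-vip-arp"
            else if (rip == "" || rip == vip)
                print "realserver-sends-vip-as-arp-source"
            else
                print "ok"
        }'
}

# Constructed sample: one rule per line, addresses taken from the thread.
sample_listing() {
    cat <<'EOF'
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.27.21.210 00/00 00/00 any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.27.21.210 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.27.21.211
EOF
}

sample_listing | classify_arp_rules realserver 172.27.21.210   # ok
sample_listing | classify_arp_rules director 172.27.21.210     # director-drops-vip-arp
```

The parser expects each rule on a single line, as `arptables -L -n` prints it on a wide terminal.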