Re: LVS-DR, Cisco switch, and ARPtables

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-DR, Cisco switch, and ARPtables
From: "Brett Simpson" <Simpsonb@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Dec 2004 08:59:12 -0500
Ok my Arptables is not working. I'm willing to give noarp a try but I'm getting 
a configure error.

checking for memset... yes
checking for strerror... yes
checking for strtol... yes
checking kernel headers... found in /usr/src/linux/include
checking running kernel... 2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL
checking module directory... /lib/modules/2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL/local
checking module versioning... yes
checking kernel header <linux/netfilter_arp.h>... found
checking kernel netfiltering... yes
configure: creating ./config.status
config.status: creating Makefile
sed: file ./confstatsjNjIx/subs-3.sed line 6: Unterminated `s' command
config.status: creating control/Makefile
sed: file ./confstatsjNjIx/subs-3.sed line 6: Unterminated `s' command
config.status: creating module/Makefile
sed: file ./confstatsjNjIx/subs-3.sed line 6: Unterminated `s' command
config.status: creating config.h
config.status: executing depfiles commands
configure: -------------------------------------------------------------
configure: MasarLabs Arp Filter - noarp  1.2.3
configure: -------------------------------------------------------------
configure: kernel version:    2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL
configure: kernel headers:    /usr/src/linux/include
configure: module versioning: yes
configure: install module:    /usr/local/lib/modules/2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL/local
configure: install sbin:      /usr/local/sbin
configure: install man:       /usr/local/man
configure: -------------------------------------------------------------
configure: WARNING: kernel headers and running kernel have different versions
configure: WARNING: running kernel:    2.4.21-20.ELsmp
configure: WARNING: headers version:   2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL




>>> grahamp@xxxxxxxxxxxxx 12/3/2004 5:04:05 AM >>>
Yes, noarp is simple to use, and difficult to get wrong. Why fight 
what has already been fixed?

You need noarp 1.x for RHES3 which is a 2.4 kernel.

Eric - Linux wrote:
> I have installed the RedHat Advanced Server 3 and tried to use the arptables
> for three months and didn't resolve it.
> 
> But with noarp my problems were resolved
> 
> good luck!
> 
> 
> ----- Original Message ----- 
> From: "Brett Simpson" <Simpsonb@xxxxxxxxxxxxxxxxxxxxxx>
> To: <linux@xxxxxxxxxx>; <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, December 02, 2004 4:24 PM
> Subject: Re: LVS-DR, Cisco switch, and ARPtables
> 
> 
> I tried the noarp module but it won't compile on my RHEL ES 3 servers.
> Besides ArpTables comes with RHEL ES 3.
> 
> Thanks,
> Brett
> 
> 
>>>>linux@xxxxxxxxxx 12/2/2004 2:17:36 PM >>>
> 
> Why not use noarp on the direct servers?
> 
> ----- Original Message ----- 
> From: "Brett Simpson" <Simpsonb@xxxxxxxxxxxxxxxxxxxxxx>
> To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, December 02, 2004 3:22 PM
> Subject: Re: LVS-DR, Cisco switch, and ARPtables
> 
> 
> Or can my director do LVS Localnode and Direct route?
> 
> 
>>>>simpsonb@xxxxxxxxxxxxxxxxxxxxxx 12/2/2004 7:25:48 AM >>>
> 
> On Wednesday 01 December 2004 20:22, Con Tassios wrote:
> 
>>I've used the following arptables configuration on RHEL v.3 real servers in
>>a LVS-DR configuration to handle the ARP problem and allow hosts on the
>>same subnet to connect to the VIP.
>>
>>arptables -F
>>arptables -A IN -d $VIP -j DROP
>>arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
>>service arptables_jf save
>>chkconfig arptables_jf on
> 
> 
> 
> I see you have your arptables OUT entry different than mine. I went ahead and
> changed mine to match yours on both Real Servers. I'm assuming the $RIP is
> the IP local to the server?
> This worked on all of my subnets until a couple hours later. At that time I
> could only ping 172.27.21.210 from a client on the 172.27.21.x subnet. Any
> other subnet wouldn't ping ok until I removed, re-added, and sent a
> Gratuitous arp for 172.27.21.210 on my LVS Director.
> 
> Configuration details:
> 172.27.21.210 - LVS Director IP on Proxy1
> 172.27.21.211 - Proxy1
> 172.27.21.212 - Proxy2
> 
> [root@proxy1 root]# arptables -L -n
> Chain IN (policy ACCEPT)
> target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
> DROP       0.0.0.0/0            172.27.21.210        00/00              00/00              any    0000/0000  0000/0000  0000/0000
> 
> Chain OUT (policy ACCEPT)
> target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
> mangle     172.27.21.210        0.0.0.0/0            00/00              00/00              any    0000/0000  0000/0000  0000/0000 --mangle-ip-s 172.27.21.211
> 
> [root@proxy2 root]# arptables -L -n
> Chain IN (policy ACCEPT)
> target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
> DROP       0.0.0.0/0            172.27.21.210        00/00              00/00              any    0000/0000  0000/0000  0000/0000
> 
> Chain OUT (policy ACCEPT)
> target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
> mangle     172.27.21.210        0.0.0.0/0            00/00              00/00              any    0000/0000  0000/0000  0000/0000 --mangle-ip-s 172.27.21.212
> 
> 
> [root@proxy1 root]# ipvsadm -L -n
> IP Virtual Server version 1.0.8 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  172.27.21.210:0 dh persistent 3600
>   -> 172.27.21.212:0              Route   1      0          0
>   -> 172.27.21.211:0              Local   1      0          0
> 
> [root@proxy2 root]# ipvsadm -L -n
> IP Virtual Server version 1.0.8 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  172.27.21.210:0 dh persistent 3600
>   -> 172.27.21.212:0              Local   1      0          1
>   -> 172.27.21.211:0              Route   1      0          0
> 
> 
> Brett
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx 
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx 
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users 
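Added example, not part of the original message or of noarp: the configure output above prints four kernel versions where a single value is expected, and a literal newline inside a sed `s` replacement ends the command early, which is the "Unterminated `s' command" error sed reports. The placeholder name `@KVER@` and the helper functions are hypothetical; the version strings are copied from the output above as a constructed sample.

```shell
#!/bin/sh
# Constructed sample: the four-line value printed after "checking running kernel...".
DETECTED='2.4.21-20.ELsmp
2.4.21-20.ELBOOT
2.4.21-20.ELhugemem
2.4.21-20.EL'

# Return 0 if sed accepts the value as the replacement of an s command,
# non-zero otherwise. @KVER@ is a hypothetical placeholder, standing in for
# whatever placeholder config.status substitutes into the Makefiles.
substitutes_cleanly() {
    printf 'KVER = @KVER@\n' | sed "s|@KVER@|$1|" >/dev/null 2>&1
}

# Number of lines in a detected value; anything above 1 is unsafe to substitute.
line_count() {
    printf '%s\n' "$1" | wc -l | tr -d ' '
}

# Print the one candidate that exactly equals the running kernel release
# (second argument; on a live host this would be the output of `uname -r`).
pick_running() {
    printf '%s\n' "$1" | grep -Fx -- "$2"
}

# Demonstration on the constructed sample.
if ! substitutes_cleanly "$DETECTED"; then
    echo "value has $(line_count "$DETECTED") lines: sed rejects the substitution"
fi
KVER=$(pick_running "$DETECTED" '2.4.21-20.ELsmp')
if substitutes_cleanly "$KVER"; then
    echo "single-line value '$KVER' substitutes cleanly"
fi
```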
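Added example, not code from the thread: a check that a real server's `arptables -L -n` listing contains both rules from the quoted configuration, and that the OUT mangle rule rewrites the VIP to that server's own RIP rather than another host's address. The function name is hypothetical, and the sample listing is constructed from the proxy2 output quoted above with each rule on one line.

```shell
#!/bin/sh
# Constructed sample modelled on the proxy2 listing quoted in the thread.
SAMPLE='Chain IN (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
DROP       0.0.0.0/0            172.27.21.210        00/00              00/00              any    0000/0000  0000/0000  0000/0000

Chain OUT (policy ACCEPT)
target     source-ip            destination-ip       source-hw          destination-hw     hlen   op         hrd        pro
mangle     172.27.21.210        0.0.0.0/0            00/00              00/00              any    0000/0000  0000/0000  0000/0000 --mangle-ip-s 172.27.21.212'

# audit_arp_rules LISTING VIP RIP
# Prints "ok", or one finding per line. Returns 0 only when both rules are
# present and the mangle target equals the RIP given for this server.
audit_arp_rules() {
    printf '%s\n' "$1" | awk -v vip="$2" -v rip="$3" '
        $1 == "Chain" { chain = $2; next }
        # IN chain: ARP requests for the VIP must be dropped.
        chain == "IN" && $1 == "DROP" && $3 == vip { drop = 1 }
        # OUT chain: ARP sent with the VIP as source must be rewritten.
        chain == "OUT" && $1 == "mangle" && $2 == vip {
            for (i = 1; i < NF; i++)
                if ($i == "--mangle-ip-s") src = $(i + 1)
        }
        END {
            if (!drop)           { print "missing: IN DROP for " vip; bad = 1 }
            if (src == "")       { print "missing: OUT mangle for " vip; bad = 1 }
            else if (src != rip) { print "mangle rewrites to " src ", expected " rip; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }'
}

# Demonstration: the sample is correct for proxy2 (172.27.21.212) and would be
# flagged if the same rules were copied unchanged onto proxy1 (172.27.21.211).
audit_arp_rules "$SAMPLE" 172.27.21.210 172.27.21.212
audit_arp_rules "$SAMPLE" 172.27.21.210 172.27.21.211 || true
```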