Re: LVS-DR ssh service

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: LVS-DR ssh service
From:	Michael Stiller <ms@xxxxxxxxxx>
Date:	Mon, 24 Jan 2005 09:34:22 +0100

> 2. Use the stock RHEL kernel, and use arptables to control the arp problem.
>    There is an arptables package for RHEL AS and ES, and if you
>    recompile the available source it works for WS.
> 
>    I have had some success in my lab with something along the lines of
>    the following. And it has the advantage over 1) that you don't need
>    to change the kernel.
> 
>     arptables -F
>     arptables -A IN -d VIP -j DROP
>     arptables -A OUT -d VIP -j DROP -j mangle --mangle-ip-s RIP
> 
>     http://archive.linuxvirtualserver.org/html/lvs-users/2004-12/msg00015.html

Is this really needed? What about using this sysctl variables:

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

A quick test seemed to work for me. 

-Michael

<Prev in Thread]	Current Thread	[Next in Thread>
LVS-DR ssh service, Karen Shepelak Re: LVS-DR ssh service, Horms Re: LVS-DR ssh service, Michael Stiller <= Re: LVS-DR ssh service, Con Tassios Re: LVS-DR ssh service, Michael Stiller Re: LVS-DR ssh service, Horms

Previous by Date:	Re: Multiple virtual addresses but only 2 real servers, Horms
Next by Date:	Re: Multiple virtual addresses but only 2 real servers, Ralph Jones
Previous by Thread:	Re: LVS-DR ssh service, Horms
Next by Thread:	Re: LVS-DR ssh service, Con Tassios
Indexes:	[Date] [Thread] [Top] [All Lists]