> I would be glad if somebody could tell me how LVS-DR exactly works. I
> really don't understand how it works. Now I am going to write down how I
> think that it could work and you can correct me if I am wrong.

I will try to answer it from a human point of view, because the technical one
is clearly explained somewhere in the doc.

Joe is a packet trying to find its web server. The web server is owned by a
VIP. The VIP is announced (ARP) by the director. So Joe arrives at the
director.
"Hi I'm Joe, I'm looking for a web server at this IP (VIP)".

OK, now IPVS will schedule this packet to a realserver that actually hosts the
web application. So, it sends the packet to the RIP of the realserver (this is
routing, like you would do if you would route a packet through a gateway, you
know?).
IPVS says "OK Joe, to find your application, just ask (next hop) this RIP".

So Joe arrives at the RIP, on the realserver. Joe is always the same (source
and destination IP unchanged). On the realserver, the Linux IP layer sees a
packet arriving on the interface eth[]. This packet is for VIP. VIP is hosted
on lo[]. So, this IP (VIP) is local. The IP layer will route this packet to
the IP. Goooood.

Now the web server has to answer the packet. It sends a response, which
will be directly directed to the client (because the client IP address is in
Joe). Because the packet arrives on VIP (on lo[]), it is sent with this IP
(VIP) as source.

Now, why do we have to avoid ARP announces in direct routing? If you want to
keep track of all the connections from all the clients, you have to see all
the incoming packets going through the director. For a given IP address, only
one ARP address is possible. So, if all the realservers plus the director
announce the IP as local, you will have a messed-up network.

Why should we use direct routing? First of all, because you can be proud if
you are about to understand how it works, and your reward is to be able to
use it. Second, on heavily loaded systems, you will have to manage only
incoming connections on the director. This lets you use a simpler machine (or
put money in hardware redundancy instead of hardware power). This can also let
you manage your flow (incoming and outgoing go through two different
networks).

And about ARP announces on Linux, this is a good old troll: old Linux kernels
were always answering ARP requests even on an interface that does not host
the IP. Because it is a troll, I will not go further in explaining why it is
bad and why some find it useful (ah, shit, I walked on the troll). Anyway,
now, it is entirely configurable and so everyone can give the Linux kernel
the behavior he was waiting for.

I think there are a lot of bad English words or phrases in this mail, sorry.

François.
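
The packet walk and the ARP problem described in the reply above, modelled as a small simulation. This is an added example, not part of the original mail or of LVS itself; the addresses, MAC strings, host names and the `arp_hidden` field (standing in for whatever ARP suppression the realserver uses) are constructed for illustration.

```python
from dataclasses import dataclass, replace

VIP = "192.0.2.10"        # constructed addresses (documentation ranges)
CLIENT = "198.51.100.7"

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str

@dataclass
class Host:
    name: str
    mac: str
    local_ips: set        # every configured IP, including the VIP on lo
    arp_hidden: set       # IPs this host must not answer ARP for

    def answers_arp(self, ip):
        return ip in self.local_ips and ip not in self.arp_hidden

    def accept(self, frame):
        # Layer 2 match on the MAC, then layer 3 match on a local IP.
        return frame.dst_mac == self.mac and frame.dst_ip in self.local_ips

def arp_owners(hosts, ip):
    """MACs that would reply to 'who has ip' on the shared segment."""
    return [h.mac for h in hosts if h.answers_arp(ip)]

def director_forward(frame, realserver):
    # Direct routing: only the destination MAC changes, IP header untouched.
    return replace(frame, dst_mac=realserver.mac)

def realserver_reply(frame):
    # The reply is sourced from the address the request arrived on (the VIP)
    # and goes to the client without passing back through the director.
    # "gateway-mac" is a placeholder for the realserver's default gateway.
    return Frame("gateway-mac", frame.dst_ip, frame.src_ip, "HTTP/1.1 200 OK")

director = Host("director", "aa:00", {VIP}, set())
rs1 = Host("rs1", "bb:01", {"10.0.0.11", VIP}, {VIP})        # VIP hidden from ARP
rs2_bad = Host("rs2", "bb:02", {"10.0.0.12", VIP}, set())    # ARP not suppressed

def walk():
    joe = Frame(director.mac, CLIENT, VIP, "GET /")
    fwd = director_forward(joe, rs1)
    return fwd, rs1.accept(fwd), realserver_reply(fwd)
```

With `rs2_bad` on the segment, `arp_owners` returns two MACs for the VIP, which is the "messed network" case: some clients would reach a realserver directly and the director would never see those connections.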