LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Use IP address only on failover?

from [Alexander Stolle] [Permanent Link]
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Use IP address only on failover?
From: "Alexander Stolle" <alexlists@xxxxxx>
Date: Mon, 1 Aug 2005 19:52:57 +0200 
Hi,

I have a small problem. I have a setup with two firewalls/router/lvs
directors, running keepalived. 
As I route from the internet into my public network, I would like to save ip
addresses. I thought that it would be easily done by keepalived. 

Little Artwork:

     |               |
     |               |
     | VIP 62.x.x.1  |
     |               |
     |               |
eth0 62.x.x.2  eth0 62.x.x.3 (EXT_IF)
     |               |
   |FW1| -  eth3 - |FW2|
     |               |
bond0 0.0.0.0 bond0 0.0.0.0 (DMZ_IF)
     |               | 
     |               |
     | VIP 212.x.x.1 |
     |               |

My idea is, that bond0 has no initial ip address and the VIP will be set,
when keepalived starts or FW1 fails over to FW2. So far it seems to work. 
Keepalived starts up. At first it starts the health checkers, afterwards the
vrrp instances, which results in removing all realservers from service (as
the VIP on bond0 is set after the healthcheckers are started). But that is
still okay for me, because keepalived will reinsert the realservers into the
services after the vrrp instance is up (actually I would like to have it the
other way round :)

The only error I get in the log is the following on FW2: 
---
cant do IP_ADD_MEMBERSHIP errno=No such device (19) 
cant bind to device bond0. errno=9. (try to run it as root) (-> I am root)
---

So far, so good. It seems to work. bond0 on FW2 is still 0.0.0.0, but it
recieves the ipvs connection table and realserver list via the sync
interface eth3. The only thing is, that FW2 permanently tries to become
Master. It just floods my logfiles every second :(

---
FW1
Keepalived_vrrp: VRRP_Instance(EXT_IF) Received lower prio advert, forcing
new election
Keepalived_vrrp: VRRP_Instance(EXT_IF) IPSEC-AH : Syncing seq_num -
Increment seq
---

---
FW2
VRRP_Group(LVSFW) Syncing instances to MASTER state
VRRP_Instance(EXT_IF) Transition to MASTER STATE
VRRP_Instance(EXT_IF) Received higher prio advert
VRRP_Instance(EXT_IF) Entering BACKUP STATE
VRRP_Group(DeTeLVSFW) Syncing instances to BACKUP state
VRRP_Instance(DMZ_IF) Entering BACKUP STATE
VRRP_Instance(DMZ_IF) Transition to MASTER STATE
---

I guess it has something to do with the missing ip address on bond0. I tried
to set the initial ip addresses on bond0 (FW1 212.x.x.2 and FW2 212.x.x.3),
which works as expected, but I don't want to use 3 ip addresses on my public
network (I don't have much). Could you please give me a hint what I can do
or if it is even possible with keepalived?

Thanks in advance!

Best, Alex
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ESTABLISHED Connection Spike (OT?), Jacob Coby
Next by Date:  RE: Use IP address only on failover?, Graeme Fowler
Previous by Thread:  Re: ESTABLISHED Connection Spike (OT?), Jacob Coby
Next by Thread:  RE: Use IP address only on failover?, Graeme Fowler
Indexes:  [Date] [Thread] [Top] [All Lists]