LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: question on faq 4.18

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: question on faq 4.18
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Fri, 20 Jan 2006 06:08:45 -0800 (PST)
On Thu, 19 Jan 2006, Judd Bourgeois wrote:

Hi,

I have a question that is sort of answered in FAQ 4.18, but there's a lot of information there and it seems more complex than necessary,

it's what happens when you do the documentation in your spare time for free I'm afraid. I used to have an enlightened employer that regarded my LVS work as beneficial to the world, and so I got to test everything before putting it in the HOWTO. My current employer only thinks about the hours that they can bill for my time, so now I just monitor the list and splice in posts that seem to be reasonable.

I am running LVS-NAT, where the director VIP and all RIPs are on the same physical segment (as in 4.11). The setup mostly works fine for external clients, but some of my web sites proxy to "themselves" within a page (proxy, PRPC, includes, etc.) This is, I believe, the exact scenario described in FAQ 4.18, and the symptom is that the proxy functionality breaks. The real server does a DNS lookup for the remote site, gets back the VIP, and hangs waiting for a response.

yes

Previously I solved this problem by putting the site names and 127.0.0.1 in /etc/hosts (as in 4.18.1 and 12.12.4),

the route to getting all the info you need is quite torturous I'll be the first to agree.

but after reading the FAQ more carefully tonight, I solved it by simply adding the VIP as a dummy interface on all of the real servers.

and the httpd on the realservers is listening to the VIP on dummy0 as well?

You've stopped the VIP on dummy0 from replying to arp requests?

This appears to be addressed in 4.18.3, but there's an extra iptables command to be run on the director. Is this really necessary?

I could spend some time figuring this out, and even then it would only be my opinion, so instead...

Graeme,

        Do you have an opinion on the matter?

Won't any packets originating on the real servers and destined for the VIP be handled by the dummy interface on the real server, without being put on the wire?

It all appears to work fine and has the added nice effect of forcing each real server to proxy to itself when necessary, so I'm just looking for a confirmation that I'm doing this right.

I'm not the one to ask :-) We usually accept the computer's opinion on the matter. If there's any conflict between humans and the computer, we defer to the computer. So I'd say you've got it right.

This sounds a neat trick. I'll wait for Graeme's reply before updating the HOWTO.

Thanks for the update

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>