LVS-Tun on CentOS 4.3

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: LVS-Tun on CentOS 4.3
From: "Mickey Everts" <mickey-ml@xxxxxxxxxxxxx>
Date: Tue, 25 Apr 2006 14:41:26 -0700
 

I believe I have things working, but I wanted to run a few things past some
more eyes and ask some questions while I am at it.

 

(1) This is a high availability setup using heartbeat, ldirectord.  The
kernel version is "2.6.9-34.EL i686".  On the directors, I simply installed
the following packages via yum to get everything I needed:

 

yum install heartbeat ipvsadm heartbeat-ldirectord heartbeat-stonith heartbeat-pils \
    libnet perl-Net-SSLeay perl-IO-Socket-SSL

 

I was unable to locate perl-Authen-SASL or perl-Parse-RecDescent in the
CentOS or DAG repositories.  As far as I can tell, they are not needed.  I
mention them because they are part of Ultramonkey.

 

(2) I disabled iptables on both the directors and the real servers.  I have
no plans to enable iptables on the director, but it may be necessary to do so
on the RS's.  From the ml, I believe something like this added to my
/etc/sysconfig/iptables file on the RS's should do the trick (is this
correct?):

 

-A RH-Firewall-1-INPUT -j ACCEPT --proto 4

 

(3) Here are the relevant sysctl.conf entries:

 

Director:

 

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1 (should this be 0 or does it matter?)
net.ipv4.conf.default.accept_source_route = 0

 

Real Servers:

 

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

 

 

Note the "net.ipv4.ip_forward = 0" on all servers.  As far as I can tell
it's not necessary for TUN or DR modes, for the director or real servers.

 

(4) I created the file "/etc/sysconfig/network-scripts/ifcfg-tunl0"
containing:

 

DEVICE=tunl0
IPADDR=XX.XX.24.62
NETMASK=255.255.255.255
BROADCAST=XX.XX.24.62
ONBOOT=yes

 

What's not clear is what I need to do for additional VIP's?  Create a tun1
file? Or should I be doing something like tunl0:0, tun0:1 and so on?

 

Also, am I supposed to have a 'host' route like below on each RS?  Again, I
think things are working, BUT currently all the servers are on the same
network for testing. 

 

route add -host X.X.X.X dev tunl0

 

If this is necessary, what IP should the host route be to?

 

(5) Finally, do I have to worry about MTU sizes? As it stands now:

 

Director: eth0 = 1500

Realserver: eth0 = 1500, tunl0 = 1480

 

(6) Any problem with running TUN and DR modes on the same director?

 

Thanks in advance folks!

 

Mickey
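
Added example, not part of the original post: a shell check that compares a sysctl.conf against the real-server values listed in item (3), so a missing entry or one overridden further down the file is flagged. The function names and the sample file are constructed for illustration.

```shell
# EXPECTED is copied from item (3) of the post; function names and the
# sample file below are constructed for this example.
EXPECTED='net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2'

# audit_sysctl FILE: print each expected key that is missing or differs.
# Returns 0 on a full match, 1 on drift, 2 if FILE is unreadable.
audit_sysctl() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    printf '%s\n' "$EXPECTED" | awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*([#;]|$)/ || !index($0, "=") { next }   # comment, blank, junk
        { eq = index($0, "="); key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1)) }
        NR == FNR { order[++n] = key; want[key] = val; next }   # stdin: expected
        { have[key] = val }                  # FILE: a later assignment wins
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) { print "MISSING " k " (want " want[k] ")"; bad = 1 }
                else if (have[k] != want[k]) { print "MISMATCH " k " = " have[k] " (want " want[k] ")"; bad = 1 }
            }
            exit bad + 0
        }' - "$1"
}

# Constructed sample: rp_filter reset to 1 lower down, eth0 arp_announce absent.
sample_conf() {
    cat <<'EOF'
# Real server (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.rp_filter = 1
EOF
}
demo() {
    tmp=$(mktemp) || return 2
    sample_conf > "$tmp"; audit_sysctl "$tmp"; rc=$?; rm -f "$tmp"; return $rc
}
demo || echo "drift detected"
```
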

 

