LVS-Tun on CentOS 4.3

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: LVS-Tun on CentOS 4.3
From: "Mickey Everts" <mickey-ml@xxxxxxxxxxxxx>
Date: Tue, 25 Apr 2006 14:41:26 -0700

I believe I have things working, but I wanted to run a few things past some
more eyes and ask some questions while I am at it.


(1) This is a high availability setup using heartbeat, ldirectord.  The
kernel version is "2.6.9-34.EL i686".  On the directors, I simply installed
the following packages via yum to get everything I needed:


yum install heartbeat ipvsadm heartbeat-ldirectord heartbeat-stonith heartbeat-pils \
    libnet perl-Net-SSLeay perl-IO-Socket-SSL


I was unable to locate perl-Authen-SASL or perl-Parse-RecDescent in the
CentOS or DAG repositories.  As far as I can tell, they are not needed.  I
mention them because they are part of Ultramonkey.


(2) I disabled iptables on both the directors and the real servers.  I have
no plans to enable iptables on the director, but it may be necessary to do so
on the RS's.  From the ml, I believe something like this added to my
/etc/sysconfig/iptables file on the RS's should do the trick (is this


-A RH-Firewall-1-INPUT -j ACCEPT --proto 4


(3) Here are the relevant sysctl.conf entries:




net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1 (should this be 0 or does it matter?)

net.ipv4.conf.default.accept_source_route = 0


Real Servers:


net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.eth0.arp_ignore = 1

net.ipv4.conf.eth0.arp_announce = 2

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2



Note the "net.ipv4.ip_forward = 0" on all servers.  As far as I can tell
it's not necessary for TUN or DR modes, for the director or real servers.


(4) I created the file "/etc/sysconfig/network-scripts/ifcfg-tunl0"








What's not clear is what I need to do for additional VIP's?  Create a tun1
file? Or should I be doing something like tunl0:0, tun0:1 and so on?


Also, am I supposed to have a 'host' route like below on each RS?  Again, I
think things are working, BUT currently all the servers are on the same
network for testing. 


route add -host X.X.X.X dev tunl0


If this is necessary, what IP should the host route be to?


(5) Finally, do I have to worry about MTU sizes? As it stands now:


Director: eth0 = 1500

Realserver: eth0 = 1500, tunl0 = 1480


(6) Any problem with running TUN and DR modes on the same director?


Thanks in advance folks!
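
An added example, not part of the original post: a shell function that compares a sysctl.conf-style file against the real-server values listed in item (3) and reports every key that is missing or set differently. The helper name check_rs_sysctl and the sample file are assumptions constructed for illustration.

```shell
# Added example (not from the original post); values copied from item (3).
RS_EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth0.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2'

# check_rs_sysctl FILE  (hypothetical helper name)
# Prints one line per expected key that is missing from FILE or set to a
# different value. Returns 0 when every key matches, 1 otherwise.
check_rs_sysctl() {
    printf '%s\n' "$RS_EXPECTED" | awk -v conf="$1" '
        BEGIN {
            # Load FILE: skip comment lines, ignore whitespace around "=",
            # and let a later assignment override an earlier one.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/) continue
                gsub(/[ \t]/, "", line)
                eq = index(line, "=")
                if (eq > 1) have[substr(line, 1, eq - 1)] = substr(line, eq + 1)
            }
            close(conf)
        }
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); want = substr($0, eq + 1)
            if (!(key in have)) {
                print "MISSING  " key " (want " want ")"; bad = 1
            } else if (have[key] != want) {
                print "MISMATCH " key " = " have[key] " (want " want ")"; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample: rp_filter left at 1, the "all" ARP keys forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed test input
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
EOF
check_rs_sysctl "$sample" || echo "differs from the real-server list in the post"
rm -f "$sample"
```

On a real server the function can be pointed at /etc/sysctl.conf; it checks the file only, not the values currently loaded in the kernel.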



