RE: A running configuration for a Squid LVS

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: A running configuration for a Squid LVS
From: "Vidal, Ignacio - (Arg)" <ignacio.vidal@xxxxxxxxxx>
Date: Thu, 22 Jun 2006 18:54:59 -0300
Francisco:
Just a last comment: 

I'm not using loopback devices for the VIP, I configured it on eth0:0
(because I read that lo interfaces had some problems related to arp
propagation)

Well, I'll try again with arptables.
Thank you

Ignacio


> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On behalf 
> of Francisco Gimeno
> Sent: Thursday, June 22, 2006 16:59
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: A running configuration for a Squid LVS
> 
> 
> Hello Ignacio... 
> 
> I really don't remember the mechanism I used to avoid ARP poisoning...
> The best way to see if something is wrong is to look at the MAC tables
> in the switches.
> 
> The VIP in the passive balancer should not poison the MAC tables. In
> RedHat (and friends) it seems the default behaviour for loopback
> interfaces is to answer to calls in the eth0 (i.e. as if a proxyarp
> existed between eth0 and lo). I think I finally used the arp_tables,
> because the proc/sys/net didn't work for me (in Debian it works
> perfectly).
> Just try it (arptables, I mean).
> Good luck
> 
> BR,
> Francisco Gimeno
> 
> > Hello Francisco:
> > Squid is not supposed to work in transparent mode (i.e. each browser
> > should have configured the VIP assigned to the proxy). And yes: the
> > port is not really important (we use 8080).
> >
> > Just talking about "the arp issue": do you use any arp filter like
> > arptables (arptables_jf)? Are there additional warnings that should be
> > considered that (for any reason) are not in the howto's?
> >
> > I think that, perhaps, my problem has to do with this topic (ARP). So
> > I tried:
> > * net.ipv4.conf.(eth*).arp_ignore = 1
> > * net.ipv4.conf.(eth*).arp_announce = 2
> > (and then sysctl -p)
> >
> > I didn't use arptables (like said at UltraMonkey's site), and then 
> > configured /etc/ha.d/ha.cf and /etc/ha.d/haresources (and authkeys 
> > too). After starting heartbeat, you can see:
> >
> > # ipvsadm -L
> > IP Virtual Server version 1.2.1 (size=4096)
> > Prot LocalAddress:Port Scheduler Flags
> >   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> > TCP  prx:webcache dh persistent 300
> >   -> prx01:webcache          Local   100    0          0
> >   -> prx02:webcache          Route   100    0          0
> > #
> >
> > You can ping to "prx's" IP address, and no mac address entry is 
> > displayed issuing an "arp -a" for host "prx", but:
> > - you can see prx01's mac address issuing "arp -a" at prx02, and
> > - you can see prx02's mac address issuing "arp -a" at prx01.
> >
> > (!) I think it's fine (isn't it?).
> >
> >
> > After that, I can see connections (active or inact) only to one of the
> > nodes (mostly prx02) and when you make prx02 "fail", connections are
> > not established to prx01  (and this is my problem...)
> >
> > Thanks again
> >
> > Regards
> >
> > Ignacio
> 
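
As an added example (not from the thread or the LVS project): the kernel evaluates arp_ignore and arp_announce as the maximum of the conf/all and conf/<interface> values, so this script computes the effective setting per interface from `sysctl -a` style output and compares it with the values tried above (1 and 2). The sample input and the function names `sample_sysctl` and `arp_audit` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective ARP sysctls on an LVS-DR node.
# The kernel uses max(conf/all, conf/<iface>) for arp_ignore and
# arp_announce, so both keys must be read to know what is in force.

# Constructed sample in `sysctl -a` format (not taken from the thread).
sample_sysctl() {
cat <<'EOF'
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
EOF
}

# arp_audit: read sysctl lines on stdin, print one line per interface:
#   <iface> arp_ignore=<eff> arp_announce=<eff> <MATCH|DIFFER>
# MATCH means the effective values equal the thread's 1 and 2.
arp_audit() {
awk -F'[ =]+' '
/^net\.ipv4\.conf\.[^.]+\.arp_(ignore|announce)[ =]/ {
    split($1, k, ".")
    iface = k[4]; key = k[5]
    val[iface, key] = $2 + 0
    # "all"/"default" are templates; lo does not send or receive ARP.
    if (iface != "all" && iface != "default" && iface != "lo") seen[iface] = 1
}
END {
    for (i in seen) {
        ig = max(val["all", "arp_ignore"], val[i, "arp_ignore"])
        an = max(val["all", "arp_announce"], val[i, "arp_announce"])
        st = (ig == 1 && an == 2) ? "MATCH" : "DIFFER"
        printf "%s arp_ignore=%d arp_announce=%d %s\n", i, ig, an, st
    }
}
function max(a, b) { return a > b ? a : b }
' | sort
}

sample_sysctl | arp_audit
```

On a real host, pipe `sysctl -a 2>/dev/null` into `arp_audit`. With arp_ignore=1 the kernel still answers ARP for any address configured on the receiving interface, alias labels such as eth0:0 included.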
