On Thu, 14 Sep 2006, Nicholas Newberry wrote:
> If my preliminary testing is correct, when the LVS
> director has no realservers in the table for a particular
> virtual service, requests for that service produce an icmp
> port unreachable.

lets the client do something sensible.

> The point of all of this is that if the realservers aren't
> up, I want client requests to time out (i.e. be silently
> dropped by the director) rather than get "connection
> refused".

the user on the client box may not like this (for http, the
web browser will just hang). Just a caution - you usually
only drop packets for connections that you regard as
malicious, and give normal users the reject so they can do
something else.
However if you really want it, a possible way might be to
have a director with localnode and an iptables rule for
127.0.0.1:your_service to drop the inbound packets.
Another way of handling it would be to have a localnode
sorry server (displaying a page saying "our website is down
- please come back").
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
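
A minimal sketch of the "sorry server" option mentioned in the reply above, as an added example that is not part of the original post or of the LVS project. The bind address, port, page text and Retry-After value are assumptions; it answers every request with a 503 so clients get an immediate, explicit answer instead of a hang.

```python
"""Minimal "sorry server" for a director's localnode fallback (added example)."""
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed page text, modelled on the wording in the post.
SORRY_BODY = b"<html><body><h1>Our website is down - please come back</h1></body></html>\n"
RETRY_AFTER_SECONDS = 120  # assumed value; tune to the expected recovery time


class SorryHandler(BaseHTTPRequestHandler):
    server_version = "sorry"  # do not advertise Python/stdlib versions
    sys_version = ""

    def _sorry(self):
        # 503 (not 200) so caches, crawlers and monitors do not treat the
        # outage page as the real content of the requested URL.
        self.send_response(503, "Service Unavailable")
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(SORRY_BODY)))
        self.send_header("Retry-After", str(RETRY_AFTER_SECONDS))
        self.send_header("Cache-Control", "no-store")
        self.send_header("Connection", "close")
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(SORRY_BODY)

    # Same answer for every path and method; request bodies are never read.
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _sorry

    def log_message(self, fmt, *args):
        pass  # silent by default; hook real logging in here if wanted


def start_sorry_server(host="127.0.0.1", port=8080):
    """Start the server in a daemon thread and return it (port=0 picks a free port)."""
    httpd = ThreadingHTTPServer((host, port), SorryHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


if __name__ == "__main__":
    srv = start_sorry_server()
    print("sorry server on %s:%d" % srv.server_address)
    threading.Event().wait()  # block until interrupted
```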