lvs-users
|
|
lvs-users
|
| To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [lvs-users] keepalived: LVS-DR split brain w/firewalls up |
| From: | Graeme Fowler <graeme@xxxxxxxxxxx> |
| Date: | Sun, 29 Jul 2007 18:16:07 +0100 |
On Sun, 2007-07-29 at 10:55 -0400, Gerry Reno wrote: > I was hoping someone could tell me. I just brought up the firewalls on > the directors and instant split brain. What port/protocol do the > directors use to communicate with each other? Keepalived uses VRRP - you can search for the relevant RFC yourself for the nitty gritty (or follow the links on keepalived.org). If you have two directors, DIP1 and DIP2 then use a rule of the form: on DIP1: iptables -A INPUT -s $DIP2 -j ACCEPT on DIP2: iptables -A INPUT -s $DIP1 -j ACCEPT Or the same rule on both to accept VRRP: iptables -A INPUT -d 224.0.0.18/32 -j ACCEPT If you've modified your mcast_src_address in keepalived.conf, use that IP instead. Graeme |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [lvs-users] MAC aliases on a NIC!!, Joseph Mack NA3T |
|---|---|
| Next by Date: | Re: [lvs-users] keepalived: LVS-DR split brain w/firewalls up, Gerry Reno |
| Previous by Thread: | Re: [lvs-users] keepalived: LVS-DR split brain w/firewalls up, Graeme Fowler |
| Next by Thread: | Re: [lvs-users] keepalived: LVS-DR split brain w/firewalls up, Gerry Reno |
| Indexes: | [Date] [Thread] [Top] [All Lists] |