I found this recent and comprehensive documentation that is missing one
important thing. It tells that we need to add a VIP, but to what? I have
machines that have 2 ethernet cards. Some are on an internal subnet
172.21.4.32 and so on, and the others go through the router to the
outside: 66.124.8.1 and so on. When it says "set up a VIP" and that it
can be "pinged from the outside" I am totally lost. Do I do an ifconfig
on eth0:1 or something like that? What ip address should I use? If I
make it part of the internal network, then I can't get to it from the
outside, if I make it part of the external, then the machines inside
can't see it. HELP!!
Don (steiny@xxxxxxxxxxxxx)

Adding the VIP to the load balancer requires no special configuration
apart from adding a virtual address. In part two of this article series,
the heartbeat program will be adding and removing this address as a
configured “resource,” but at present you will configure it manually. It
is important that you set up the VIP in such a way that the default
route out of the machine is still via the primary address (the RIP).
This is done by defining the subnet mask to be 255.255.255.255 (32 in
CIDR notation). Set it up as an additional address on |eth0|.

When adding the VIP to the nodes, it is essential that the IP address is
unresolvable to the network via ARP. If it were, the load balancer would
become unreachable. In order to hide the address, you need to set some
kernel “sysctl” parameters by editing |/etc/sysctl.conf|. Look in your
distribution’s documentation to confirm this file is not auto-generated
from other files or by a configuration utility. Set the following
parameters: [3
<http://tag1consulting.com/Scalable_Linux_Clusters_with_LVS_Part_I#3>]

|net.ipv4.conf.all.arp_ignore = 1|
|net.ipv4.conf.all.arp_announce = 2|

This ensures that interfaces will only answer ARP requests for IP
addresses that belong to them, as opposed to all IP addresses on the
machine. For example, if the VIP is a virtual address on the loopback
device (|lo|), then the RIP (|eth0|) will not advertise it. Run |sysctl
-p| as root, or, if you are familiar with it, use the |/proc/sys/|
interface to set these values.

Now that you have set these parameters, you may add the VIP to |lo|.
This will be similar to configuring the VIP on the load balancer, except
that the additional address is for |lo|, not |eth0|. Again, ensure that
the netmask of the address is 255.255.255.255.

Time to test. The service you are running on the nodes must be
configured to listen on both the RIP and VIP addresses. Assuming your
firewall policy allows pings, you should still be able to ping the RIP
of each node from a third-party machine unrelated to the load balancer
setup. Next, try pinging the RIP of each node from the load balancer;
connectivity to the node from the load balancer will be necessary once
you configure the load balancers to check the nodes for availability.
Lastly, pinging the VIP from off-network should result in a response
from the load balancer.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
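
Added example, not part of the original post or of the quoted article: a small offline audit of the two node-side conditions the quoted text sets out, the ARP sysctl values and a 255.255.255.255 (/32) VIP on |lo|. The function names, the VIP 192.0.2.10 and all sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the real-server settings quoted above.
# All addresses and sample text are constructed (192.0.2.0/24 is a documentation range).

# arp_hidden [FILE] -> exit 0 only if a sysctl.conf-style file (default: stdin)
# ends up with arp_ignore=1 and arp_announce=2 for net.ipv4.conf.all.
arp_hidden() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            val[k] = v                         # a later duplicate overrides an earlier one
        }
        END {
            ok = (val["net.ipv4.conf.all.arp_ignore"] == "1" &&
                  val["net.ipv4.conf.all.arp_announce"] == "2")
            exit !ok
        }' "${1:--}"
}

# vip_is_host_route VIP DEV -> reads `ip -o -4 addr show` output on stdin and
# exits 0 only if VIP is configured on DEV with a /32 prefix.
vip_is_host_route() {
    awk -v want="$1/32" -v dev="$2" '
        $2 == dev && $3 == "inet" && $4 == want { found = 1 }
        END { exit !found }'
}

# Constructed sysctl.conf content for a node.
sample_sysctl() {
    printf '%s\n' '# constructed sysctl.conf' \
        'net.ipv4.conf.all.arp_ignore = 1' \
        'net.ipv4.conf.all.arp_announce=2'
}

# Constructed `ip -o -4 addr show` output for a node holding the VIP on lo.
sample_addrs() {
    printf '%s\n' '1: lo    inet 127.0.0.1/8 scope host lo' \
        '1: lo    inet 192.0.2.10/32 scope global lo' \
        '2: eth0    inet 192.0.2.21/24 brd 192.0.2.255 scope global eth0'
}

sample_sysctl | arp_hidden - && echo "ARP hiding parameters: ok"
sample_addrs | vip_is_host_route 192.0.2.10 lo && echo "VIP is /32 on lo: ok"
```

On a live node, pass /etc/sysctl.conf to arp_hidden and pipe the output of `ip -o -4 addr show` into vip_is_host_route.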