LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] Checkpoint R75 Cluster in front of LVS/KeepaliveD problem.

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] Checkpoint R75 Cluster in front of LVS/KeepaliveD problem.
From: "SJ Stanaitis" <sstanaitis@xxxxxxxxxxxx>
Date: Fri, 15 Apr 2011 10:48:13 -0400
All,

 

I've done some searching through the archives but haven't seen this
exact problem encountered yet.

 

I have a working Keepalived/LVS based load balancer configured on my LAN
which is balancing HTTP, HTTPS, and DNS traffic.  The system is FC11
based, running kernel 2.6.30.8, Keepalived v1.1.17, and IP Virtual
Server 1.2.1.  On the border of that subnet is a Checkpoint UTM-1 R75
based cluster.  The problem I encounter also existed with Checkpoint
R65.

 

All the systems in the subnet communicate with a virtual cluster
interface on the Checkpoint.  When the cluster has a failover event, the
secondary/standby member will assume the active role automatically, and
send out a GARP that updates the virtual cluster interface MAC address
to reflect its own physical interface's MAC address.

 

All of the systems in the subnet will then update their arp tables and
continue to communicate with the Checkpoint cluster via the same IP but
new MAC.  The problem is that the load balancer stops communicating, and
its arp table still shows the MAC address of the primary cluster member
paired with the IP of the virtual cluster interface.  When this occurs I
have to clear the arp table on the load balancer as well as restart
Keepalived for the traffic flow to resume.

 

Beyond implementing a hack that clears the arp tables in the event that
the balancer cannot communicate with the virtual interface of the
cluster due to a failover - is there some way to make it so the load
balancer accepts the GARP  and recognizes the change?

 

Thanks!

--SJ

 

SJ.Stanaitis

System Administrator

Decorative Product Source, Inc.

 

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] Checkpoint R75 Cluster in front of LVS/KeepaliveD problem., SJ Stanaitis <=