Re: [lvs-users] Local Service not Local Node ??

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] Local Service not Local Node ??
From: Anders Henke <anders.henke@xxxxxxxx>
Date: Tue, 31 Jul 2012 09:55:49 +0200

On June 30th 2012, A D wrote:
> I have a two server LVS-DR setup using Keepalived for failover.
> Everything is working fine with multiple public VIPs, private real
> servers, health checks, etc.
> I would like to run an NTP service for the internal network on the LVS
> nodes using a VIP.
> Note: I already have a separate NTP service running for public client
> requests - Public IP VIP routed to two real servers. The proposed
> private NTP service and the public can not be mingled.

Failover is fine, "loadbalancing" NTP is actually not a really good
idea. Just as a general note :-)

> When the NTP configuration is set to listen on requests from
> internal clients are not answered (reply from unexpected source:).
> When I set the service to listen on the private VIP the requests are
> answered. As expected.

ntpd needs to open a listening socket to a specific IP address,
as UDP is stateless and doesn't offer any means for the receiving
server to know which IP address has actually been asked.

So by opening listening sockets to all applying IP addresses,
ntpd identifies the receiving IP address by the socket that
received the request.
With this information, ntpd may create a suitable reply packet with
the correct source address.

> The issue: I cannot set the standby LVS's NTP configuration to listen
> on VIP because the LVS server is not aware of it. It will not become
> aware of it until it is the active node.

You may set /proc/sys/net/ipv4/ip_nonlocal_bind to "1".
This permits your ntpd to bind to IPs that aren't configured right now.
When the IP address becomes available, ntpd should receive packets for
this IP address.

> Has anyone run into a similar scenario. A.k.a clustered service. I
> would prefer to not have to start the NTP server manually on the new
> active node if/when LVS fails over.

Very reasonable: ntpd does need some time to find a current timesource
and get a stable tracking of its own and any upstream time sources.
NTP is much more of an art of science rather than simply transmitting
some timestamp and setting one's local clock accordingly.

1&1 Internet AG              Expert Systems Architect (IT Operations)
Brauerstrasse 50             v://49.721.91374.0
D-76135 Karlsruhe            f://49.721.91374.225

Amtsgericht Montabaur HRB 6484
Management Board: Henning Ahlert, Ralph Dommermuth, Matthias Ehrlich,
Robert Hoffmann, Andreas Hofmann, Markus Huhn, Hans-Henning Kettler,
Dr. Oliver Mauss, Jan Oetjen, Martin Witt
Chairman of the Supervisory Board: Michael Scheeren
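
Added example, not part of the original message or of any project's code: a pre-failover check for a standby node that reads `ip_nonlocal_bind` and tries a UDP bind to the VIP, which fails with `EADDRNOTAVAIL` when the address is unconfigured and the sysctl is off. The VIP `192.0.2.10` is a constructed placeholder, the function names are hypothetical, and the `IP_FREEBIND` comparison (the per-socket equivalent of the sysctl on Linux) goes beyond what the reply mentions.

```python
import errno
import socket

SYSCTL = "/proc/sys/net/ipv4/ip_nonlocal_bind"
IP_FREEBIND = 15        # Linux <linux/in.h>: per-socket equivalent of the sysctl
VIP = "192.0.2.10"      # constructed placeholder (TEST-NET-1), not from the thread


def nonlocal_bind_enabled(path=SYSCTL):
    """Return True/False for the sysctl, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def try_bind(addr, port=0, freebind=False):
    """Bind a UDP socket to addr; return None on success, else the errno.

    Port 0 keeps the check unprivileged; ntpd itself binds port 123.
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            if freebind:
                s.setsockopt(socket.IPPROTO_IP, IP_FREEBIND, 1)
            s.bind((addr, port))
        return None
    except OSError as exc:
        return exc.errno if exc.errno is not None else -1


def verdict(sysctl_on, bind_errno):
    """Turn the two observations into what they mean for the standby node."""
    if bind_errno is None:
        if sysctl_on:
            return "ok: bind succeeded (ip_nonlocal_bind=1 permits unconfigured addresses)"
        return "ok: bind succeeded, so the address is configured on this node"
    if bind_errno == errno.EADDRNOTAVAIL:
        return "fail: VIP not configured here and ip_nonlocal_bind is off"
    return "fail: " + errno.errorcode.get(bind_errno, str(bind_errno))


if __name__ == "__main__":
    on = nonlocal_bind_enabled()
    print("ip_nonlocal_bind :", on)
    print("plain bind       :", verdict(on, try_bind(VIP)))
    print("with IP_FREEBIND :", try_bind(VIP, freebind=True) or "ok")
```

The sysctl applies to every process on the node, while `IP_FREEBIND` is set per socket by the program that opens it.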
