|
On Fri, 2012-08-24 at 15:33 +0400, Dmitry Akindinov wrote:
> We are facing a problem with ipvsadm.
<snip>
This sounds very much like a problem I resolved some years ago with a
two-node system like yours.
In that case, I put additional rules or logic into the iptables ruleset
to make sure that packets with a source MAC address of the other node in
the system didn't get the fwmark applied, thus missed the ipvs rules,
and got handled by the local application.
For example, in the theoretical 2-node system we have a single VIP, then
2 nodes RIP1 + MAC1, RIP2 + MAC2.
iptables rule for port 143:
On Node 1:
-A PREROUTING -d $VIP -p tcp -m tcp --dport 143 \
-m mac ! --mac-source $MAC2 -j MARK --set-mark 0x6
On node 2:
-A PREROUTING -d $VIP -p tcp -m tcp --dport 143 \
-m mac ! --mac-source $MAC1 -j MARK --set-mark 0x6
This ensured in my case that the two nodes (which were both live at the
same time) didn't end up sending traffic round and round in a circle
between the two nodes.
It *may* help in your case also.
Graeme
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
