Re: [lvs-users] ipvsadm problem

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipvsadm problem
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Fri, 24 Aug 2012 12:54:37 +0100
On Fri, 2012-08-24 at 15:33 +0400, Dmitry Akindinov wrote:
> We are facing a problem with ipvsadm.

This sounds very much like a problem I resolved some years ago with a
two-node system like yours.

In that case, I put additional rules or logic into the iptables ruleset
to make sure that packets with a source MAC address of the other node in
the system didn't get the fwmark applied, thus missed the ipvs rules,
and got handled by the local application.

For example, in the theoretical 2-node system we have a single VIP, then
2 nodes RIP1 + MAC1, RIP2 + MAC2.

iptables rule for port 143:

On Node 1:

-A PREROUTING -d $VIP -p tcp -m tcp --dport 143 \
   -m mac ! --mac-source $MAC2 -j MARK --set-mark 0x6

On node 2:

-A PREROUTING -d $VIP -p tcp -m tcp --dport 143 \
   -m mac ! --mac-source $MAC1 -j MARK --set-mark 0x6

This ensured in my case that the two nodes (which were both live at the
same time) didn't end up sending traffic round and round in a circle
between the two nodes.

It *may* help in your case also.
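
The following is an added example, not part of the original message or the LVS project's own tooling. It generates the same kind of exclusion rule for a node and goes beyond the two-node case in the post: because a single `-m mac ! --mac-source` rule can exclude only one MAC, peers are skipped with `RETURN` in a helper chain before the mark is set. The chain name `LVS_MARK`, the function names, and the VIP and MAC values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): emit the mangle-table rules for
# one node so that traffic already forwarded by a peer node is not re-marked.
# VIP and MAC values below are constructed placeholders.

# valid_mac MAC -> exit status 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mark_rules VIP PORT MARK PEER_MAC...
# Prints a fragment in iptables-save syntax; returns 1 on bad input.
gen_mark_rules() {
    [ "$#" -ge 4 ] || {
        echo "usage: gen_mark_rules VIP PORT MARK PEER_MAC..." >&2
        return 1
    }
    vip=$1 port=$2 mark=$3
    shift 3
    # Validate every peer MAC before printing anything, so a typo never
    # produces a half-written ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad peer MAC: $mac" >&2; return 1; }
    done
    echo "*mangle"
    echo ":LVS_MARK - [0:0]"
    echo "-A PREROUTING -d $vip -p tcp -m tcp --dport $port -j LVS_MARK"
    for mac in "$@"; do
        # Frame was sent by another node: leave it unmarked so it misses
        # the ipvs fwmark service and the local application handles it.
        echo "-A LVS_MARK -m mac --mac-source $mac -j RETURN"
    done
    # Everything else (traffic arriving from clients) gets the fwmark.
    echo "-A LVS_MARK -j MARK --set-mark $mark"
    echo "COMMIT"
}

# Constructed sample: node 1 of a three-node cluster, excluding nodes 2 and 3.
gen_mark_rules 192.0.2.10 143 0x6 02:00:00:00:00:02 02:00:00:00:00:03
```

With a single peer MAC the generated rules have the same effect as the per-node rule shown in the message above.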

