Re: [lvs-users] Connections to VIPs on the same machine (in BACKUP state

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, jamied@xxxxxxxxxxxx
Subject: Re: [lvs-users] Connections to VIPs on the same machine (in BACKUP state)
From: Davide Ferrari <davide@xxxxxxxxxx>
Date: Fri, 10 Jul 2015 08:16:45 +0200
Absolutely, it's the standard real server configuration with sysctl arp
tuning. As I said, lvs2 doesn't know any MAC of the real IP (arp -a empty).
On 10 Jul 2015 12:58 am, "Jamie Dahl" <jamied@xxxxxxxxxxxx> wrote:

>
> So I am curious if you have made the following changes to your real
> servers:
> net.ipv4.conf.lo.arp_ignore=1
> net.ipv4.conf.lo.arp_announce=2
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.conf.all.arp_announce=2
>
> What might be happening is lvs2 could be seeing the arp reply from the
> servers for the VIP IP.  The above settings will prevent internal/inside
> traffic from bypassing your LVS cluster etc.
>
> > Hi list,
> >
> > I've a doubt about how connections to a VIP initiated on the same machine
> > work. Let me explain with an example:
> > I have 2 machines (lvs1 and lvs2) with keepalived (vrrp+LVS-DR). The
> > cluster has a virtual server (10.0.1.1) with some real servers behind.
> > lvs1 is the master and lvs2 is the backup.
> >
> > The strange thing I'm seeing and that I don't understand (at least as a
> > feature) is that if on lvs2 I try to connect to 10.0.1.1
> > it goes directly to the real servers without passing through lvs1. But
> > 10.0.1.1 is not present on any lvs2 interfaces (ifconfig, ip addr) but
> > only in the keepalived configuration. It's not even present in the ARP
> > cache table.
> >
> > I was thinking that maybe, since it's known to LVS, this IP is somewhere
> > in the ip_vs module and it's in an earlier stage of the network stack, so
> > any connection to it is handled by the LVS stack as if lvs2 were the
> > MASTER. If I remove the virtual server from lvs2 keepalived, then a
> > connection to 10.0.1.1 from lvs2 goes to the real servers through lvs1 as
> > expected.
> >
> > Is this normal? Is this the expected behavior? If so, why?
> >
> > Thank you very much
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
>
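The following is an added example, not part of the thread or any poster's code: a shell function that audits a real server for the four ARP sysctls quoted in the message above. The function name `check_arp_sysctls` and the sample `sysctl -a` output are constructed for illustration.

```shell
#!/bin/sh
# Expected values: the four settings quoted in the thread for LVS-DR real servers.
EXPECTED='net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2'

# Constructed sample of `sysctl -a` output from a hypothetical misconfigured host:
# lo.arp_ignore is absent and all.arp_ignore is still 0.
SAMPLE='net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0'

# check_arp_sysctls TEXT
# TEXT is "key = value" or "key=value" lines. Prints one line per key that is
# missing or has the wrong value; the return status is the number of findings.
check_arp_sysctls() {
    dump=$1
    bad=0
    for want in $EXPECTED; do
        key=${want%%=*}
        val=${want#*=}
        # Match the full key name exactly so similarly named keys are not confused.
        got=$(printf '%s\n' "$dump" | awk -F' *= *' -v k="$key" '$1 == k { print $2; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (want $val)"
            bad=$((bad + 1))
        elif [ "$got" != "$val" ]; then
            echo "WRONG   $key=$got (want $val)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run against the constructed sample. On a live real server, pass
# "$(sysctl -a 2>/dev/null)" instead of "$SAMPLE".
check_arp_sysctls "$SAMPLE" || echo "findings: $?"
```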