LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

hard wired solution to arp problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: hard wired solution to arp problem
From: Joseph Mack <mack@xxxxxxxxxxx>
Date: Wed, 24 Nov 1999 10:47:30 -0500 (EST)
Julian's posting the other day showed that the dummy0 device
on realservers does arp. This prompted me to find out why
my LVS was working, when it shouldn't


The problem: If the router which feeds the director in a VS-DR LVS gets
the wrong MAC address for the VIP the LVS does not work.

Current solutions: All involve stopping the realservers from replying to
arp requests. The realservers are patched, or hidden behind a firewall
(the director with 2 NICs), or on a separate network.

I assume that my LVS was working because the director replied to arp
requests before the realservers (the director is 3x-4x the speed of the
realservers) and the entry in the router/client's arp table was always the
VIP of the director. In this case it didn't matter that the VIP on the
realservers was on an arp'ing device (dummy0). I had erroneously concluded
that since my LVS was working, and I was using dummy0 devices on the
realservers, that the dummy0 devices were not replying to arp requests.
I didn't bother to check whether dummy0 was replying to arp requests.

New solution: hard wire the MAC address of the VIP on the director
into the router's arp table. In my case I don't have a router, and
my client connects directly to the director. I have a file /etc/ethers
with the entry

lvs.mack.net 00:A0:CC:55:7D:40

and on the client (router) I run

$arp -f /etc/ethers

to add this (permanent) entry to the router's (client's) arp table
(check content of arp table with `arp -a`).

The lvs now works without hiding the realservers, or without patching the
realservers. The range of devices for the VIP on the realservers is wider
now and can be eth0:1 on a /24 netmask (or can stay as lo:0/32).

I have checked this on 2 different lots of hardware: one in which the
director replies to arps for the VIP first and another where the same
realserver always replies to the arp for the VIP first. I will be updating
the HOWTO and configure files (will be a few days). Please regard this
approach as experimental until a few people have got it to work.

Joe
--
Joseph Mack mack@xxxxxxxxxxx


----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>