LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: Connection synchronization questions

from [Martijn Grendelman] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Connection synchronization questions
From: Martijn Grendelman <martijn@xxxxxxxxxxxxxx>
Date: Fri, 21 Jul 2006 10:42:24 +0200 
Nobody?

Best regards,
Martijn.


Martijn Grendelman schreef:

Hi,
I have just enabled the LVS connection sync daemon, but some things about the way it works aren't entirely clear to me.
There is an active LVS, running ipvs_syncmaster and a backup LVS, running ipvs_syncbackup. I feel I should mention the machines run pretty old kernels (2.4-not-latest). I use the local node feature, i.e. both machines are also real servers. 

On both machines, I see the UDP multicast traffic I expect:

16:19:16.876496 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28
16:19:25.875012 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28

(tweety.sipo.nl being the master).
Now, knowing nothing about multicast in general, my question is: what are the security implications of this kind of traffic? The servers are on a shared switch. Are other machines on the LAN able to pick up any sensitive data from my load balancers? How could I secure this? 

And I have another question.

On the master, I see this:

martijn@tweety:~> rr ipvsadm -L -n
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.204.230.98:80 sh
  -> 212.204.230.91:80            Route   200    10         19
  -> 212.204.230.96:80            Local   200    3          18

On the backup LVS, I see:

martijn@daffy:~> rr ipvsadm -L -n
IP Virtual Server version 1.0.12 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.204.230.98:80 sh
  -> 212.204.230.91:80            Local   200    10         16
  -> 212.204.230.96:80            Route   200    0          0
The number of active connections pointing to the second server (which is the active LVS) is 0 on the backup machine. I would expect it to be 3, just like on the master.
Does that have something to do with the fact that Forward == Local? Or is there something I am missing?
And what about the number of inactive connections on the backup? I thought only ESTABLISHED connections are synchronized. When does a connection become 'inactive' on the backup? When it is no longer active on the master? 

Best regards,

Martijn Grendelman
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Simple if slightly pointless question..., malcolm
Next by Date:  Re: Question regarding getting compiled., Dan Baughman
Previous by Thread:  Connection synchronization questions, Martijn Grendelman
Next by Thread:  Re: Connection synchronization questions, kris . saw
Indexes:  [Date] [Thread] [Top] [All Lists]