[lvs-users] Mysterious documentation

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] Mysterious documentation
From: Don Steiny <steiny@xxxxxxxxxxxxx>
Date: Tue, 19 May 2009 23:27:13 -0700
I found this recent and comprehensive documentation that is missing one 
important thing. It tells that we need to add a VIP, but to what? I have 
machines that have 2 ethernet cards. One is on an internal subnet 
172.21.4.32 and so on, and the others go through the router to the 
outside: 66.124.8.1 and so on. When it says "set up a VIP" and that it 
can be "pinged from the outside" I am totally lost. Do I do an ifconfig 
on eth0:1 or something like that? What IP address should I use? If I 
make it part of the internal network, then I can't get to it from the 
outside; if I make it part of the external, then the machines inside 
can't see it. HELP!!


Don (steiny@xxxxxxxxxxxxx)


Adding the VIP to the load balancer requires no special configuration 
apart from adding a virtual address. In part two of this article series, 
the heartbeat program will be adding and removing this address as a 
configured “resource,” but at present you will configure it manually. It 
is important that you set up the VIP in such a way that the default 
route out of the machine is still via the primary address (the RIP). 
This is done by defining the subnet mask to be 255.255.255.255 (32 in 
CIDR notation). Set it up as an additional address on |eth0|.

When adding the VIP to the nodes, it is essential that the IP address is 
unresolvable to the network via ARP. If it were, the load balancer would 
become unreachable. In order to hide the address, you need to set some 
kernel “sysctl” parameters by editing |/etc/sysctl.conf|. Look in your 
distribution’s documentation to confirm this file is not auto-generated 
from other files or by a configuration utility. Set the following 
parameters: [3 
<http://tag1consulting.com/Scalable_Linux_Clusters_with_LVS_Part_I#3>]

|net.ipv4.conf.all.arp_ignore = 1|
|net.ipv4.conf.all.arp_announce = 2|

This ensures that interfaces will only answer ARP requests for IP 
addresses that belong to them, as opposed to all IP addresses on the 
machine. For example, if the VIP is a virtual address on the loopback 
device (|lo|), then the RIP (|eth0|) will not advertise it. Run |sysctl 
-p| as root, or, if you are familiar with it, use the |/proc/sys/| 
interface to set these values.

Now that you have set these parameters, you may add the VIP to |lo|. 
This will be similar to configuring the VIP on the load balancer, except 
that the additional address is for |lo|, not |eth0|. Again, ensure that 
the netmask of the address is 255.255.255.255.

Time to test. The service you are running on the nodes must be 
configured to listen on both the RIP and VIP addresses. Assuming your 
firewall policy allows pings, you should still be able to ping the RIP 
of each node from a third-party machine unrelated to the load balancer 
setup. Next, try pinging the RIP of each node from the load balancer; 
connectivity to the node from the load balancer will be necessary once 
you configure the load balancers to check the nodes for availability.

Lastly, pinging the VIP from off-network should result in a response 
from the load balancer.



_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
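
An added example, not part of the original message or the article it quotes: a shell check that a real-server node is in the state the quoted text describes (VIP on lo with a /32 mask and on no other interface, arp_ignore = 1, arp_announce = 2). The VIP 192.0.2.10, the sample listings and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a real-server node for the settings quoted above.
# The VIP is a constructed placeholder (TEST-NET-1), not a value from the thread.
VIP="${VIP:-192.0.2.10}"

# check_vip_on_lo LISTING VIP: LISTING is the text of `ip -o -4 addr show`.
# Succeeds only if VIP is on lo with a /32 mask and on no other interface.
check_vip_on_lo() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == "32" { ok = 1 }
        a[1] == vip && $2 != "lo" { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }'
}

# sysctl_value TEXT KEY: print the last value assigned to KEY in "key = value" text.
sysctl_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }'
}

# check_arp_sysctls TEXT: succeeds only with the two values the article sets.
check_arp_sysctls() {
    [ "$(sysctl_value "$1" net.ipv4.conf.all.arp_ignore)" = "1" ] &&
    [ "$(sysctl_value "$1" net.ipv4.conf.all.arp_announce)" = "2" ]
}

# audit_node: run on a live node; reads the running kernel and interface state.
audit_node() {
    check_arp_sysctls "$(sysctl net.ipv4.conf.all.arp_ignore net.ipv4.conf.all.arp_announce)" \
        || { echo "FAIL: arp_ignore/arp_announce not set to 1/2"; return 1; }
    check_vip_on_lo "$(ip -o -4 addr show)" "$VIP" \
        || { echo "FAIL: $VIP is not a /32 on lo only"; return 1; }
    echo "OK: node hides $VIP from ARP and holds it on lo"
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.0.2.10/32 scope global lo
2: eth0    inet 172.21.4.33/24 brd 172.21.4.255 scope global eth0'
SAMPLE_SYSCTL='# /etc/sysctl.conf excerpt
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2'
```

On a node, source the file and call `audit_node` with `VIP` set to the real virtual address.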
