Re: [lvs-users] netmask for vip?

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: [lvs-users] netmask for vip?
From:	Aaron West <aaron@xxxxxxxxxxxxxxxx>
Date:	Wed, 21 Jun 2017 16:13:49 +0100

Linbo,

This goes back to what I originally said.

I assume you mean on the loopback adapter? If so then use a 255.255.255.255
> or /32 for safety, not all OS's may need it as there can be many ways to
> make it not respond to ARP, however, this also helps as you are telling the
> OS it's a single address.


So use a /32 for safety unless you can't for some reason as this helps to
guarantee the real server will not respond to ARP requests for that VIP.
There are indeed many many ways depending on OS to solve the ARP issue...
Out of interest what OS are your real servers?

Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@xxxxxxxxxxxxxxxx

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
 | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 16:07, linbo liao <llbgurs@xxxxxxxxx> wrote:

> I have no idea.
>
> Refer to
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> ipvsadm.html#netmask_for_VIP
>
>
>    - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must be
>    /32.
>
> and Julian reply the post
> http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.html
>
> 2. add VIP/32 on lo (for real server) or on eth0 (for director)
>
> Thanks,
>
> Linbo
>
>
> 2017-06-21 22:31 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
>
> > Linbo,
> >
> > Sorry, if you mean directly on the interface of the director so when you
> > check the output of "ip a" then I'd use the netmask of the network, I
> > thought you meant the netmask setting for LVS itself.
> >
> >
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@xxxxxxxxxxxxxxxx
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 15:20, linbo liao <llbgurs@xxxxxxxxx> wrote:
> >
> > > I am not sure.
> > >
> > > If I configure vip netmask, and use  `ip a`  it will print vip with
> > netmask
> > > information.  But  `-M netmask` is show in `ipvsadm -Ln`.
> > >
> > > I think there are different thing.
> > >
> > > Thanks,
> > > Linbo
> > >
> > >
> > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
> > >
> > > > Linbo,
> > > >
> > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > Ldirectord it's just what I'm used to using.
> > > >
> > > > Did a quick google to verify my thoughts and this page backs me up as
> > > well
> > > > as being a nice read in itself:
> > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron@xxxxxxxxxxxxxxxx
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 21 June 2017 at 14:37, linbo liao <llbgurs@xxxxxxxxx> wrote:
> > > >
> > > > > Sorry I miss the detailed information.
> > > > >
> > > > > I mean the netmask of VIP in LVS director. LVS use keepalived to do
> > HA.
> > > > > Will vip netmask in LVS director affect the persistence ?
> > > > >
> > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@xxxxxxxxxxxxxxxx>:
> > > > >
> > > > > > Hi Linbo,
> > > > > >
> > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > 255.255.255.255
> > > > > > or /32 for safety, not all OS's may need it as there can be many
> > ways
> > > > to
> > > > > > make it not respond to ARP, however, this also helps as you are
> > > telling
> > > > > the
> > > > > > OS it's a single address.
> > > > > >
> > > > > > Or do you mean the "netmask" in the ldirectord config which
> affects
> > > > > > persistence? When this is at the default of 255.255.255.255
> > > persistence
> > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> would
> > > get
> > > > > > stuck to different servers. If you set 255.255.255.0 then they
> > would
> > > > both
> > > > > > hit the same server as persistence would work by subnet so the
> > whole
> > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > >
> > > > > > Hope that's relevant to your question and makes sense...
> > > > > >
> > > > > >
> > > > > > Aaron West
> > > > > >
> > > > > > Loadbalancer.org
> > > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017
> >
> > > > > >
> > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> company-name
> > >
> > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > overview&?gclid=ES2017>
> > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > aaron@xxxxxxxxxxxxxxxx
> > > > > >
> > > > > > LEAVE A REVIEW
> > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > > DEPLOYMENT
> > > > > > GUIDES
> > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > deployment-guides&?gclid=ES2017>
> > > > > >  | BLOG <https://www.loadbalancer.org/
> ?category=blog&?gclid=ES2017
> > >
> > > > > >
> > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@xxxxxxxxx> wrote:
> > > > > >
> > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> netmask
> > > > > support
> > > > > > in
> > > > > > > configuration, the default netmask is 255.255.255.255. I test
> > > default
> > > > > > > netmask, looks everything works fine.
> > > > > > >
> > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > 255.255.255.0?
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Linbo
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users@LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Aaron West Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Aaron West Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Aaron West Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Aaron West <= Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Aaron West Re: [lvs-users] netmask for vip?, Julian Anastasov Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Andrew Smalley Re: [lvs-users] netmask for vip?, Julian Anastasov Re: [lvs-users] netmask for vip?, linbo liao Re: [lvs-users] netmask for vip?, Julian Anastasov Re: [lvs-users] netmask for vip?, linbo liao

Previous by Date:	Re: [lvs-users] netmask for vip?, linbo liao
Next by Date:	Re: [lvs-users] netmask for vip?, linbo liao
Previous by Thread:	Re: [lvs-users] netmask for vip?, linbo liao
Next by Thread:	Re: [lvs-users] netmask for vip?, linbo liao
Indexes:	[Date] [Thread] [Top] [All Lists]