ARP problem in VS/TUN and VS/DR
这里我把文档里重要的一段贴出来:

2. The redirect approach

For VS/DR clusters, Horms suggested a very cute redirect approach to get around the arp problem.

I have been able to get around this problem by removing the interface alias on the real servers and setting up a redirect, using ipchains of the form:

ipchains -A input -j REDIRECT <port> -d <virtual-ip-address> <port> -p <protocol>

This has the down side that the real servers essentially have to be Linux boxes to support this feature but it has the up side that the Linux Director can easily be moved to any machine on the LAN as it does not have to have an interface on a network other than the LAN. This has important implications in being able to fail over the Linux Director in a case of failure.

" />
首页 > Operation System > 用iptables来解决lvs中linux的real server的arp problem

用iptables来解决lvs中linux的real server的arp problem

2006年1月6日 发表评论 阅读评论

这里是官方文档:ARP problem in VS/TUN and VS/DR
这里我把文档里重要的一段贴出来:

2. The redirect approach

For VS/DR clusters, Horms suggested a very cute redirect approach to get around the arp problem.

I have been able to get around this problem by removing the interface alias on the real servers and setting up a redirect, using ipchains of the form:

ipchains -A input -j REDIRECT <port> -d <virtual-ip-address> <port> -p <protocol>

This has the down side that the real servers essentially have to be Linux boxes to support this feature but it has the up side that the Linux Director can easily be moved to any machine on the LAN as it does not have to have an interface on a network other than the LAN. This has important implications in being able to fail over the Linux Director in a case of failure.

For running multiple virtual services on a single VIP, you can specify multiple redirect commands for different ports, or you don’t supply a port number so the comands could cover all ports in one hit per protocol as follows:

ipchains -A input -j REDIRECT -d <VIP> -p tcp

ipchains -A input -j REDIRECT -d <VIP> -p udp

For VS/TUN clusters, you can simply configure tunl0 up so that the system can decapsulate ipip packets properly, then add the REDIRECT commands for VIPs.

For iptables in kernel 2.4, you can use it as follows:

iptables -t nat -A PREROUTING -p tcp -d <VIP> --dport <vport> -j REDIRECT --to-port <vport>

 

分类: Operation System 标签:
  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.