Configuring LVS TUN with new arp_tables_jf

Graeme Fowler graeme at graemef.net
Tue Aug 9 14:36:47 BST 2005


On Tue 09 Aug 2005 13:11:46 BST, Nigel Hamilton <nigel at turbo10.com> wrote:
> Does this look sane?
>>
>> Nope.
>>
> Ouch.

No pain intended :)

>>> MTU=1480
>>> NETMASK=255.255.255.255
>>> BOOTPROTO=none
>>> BROADCAST=66.98.1.255
>> ^^^^^^^^^^^^^^^^^^^^^^^
>
> I actually copied this from my old cluster config. What are the 
> ramifications of an incorrect broadcast address?

That depends; in this case probably very little actually. In the wider 
case, incorrect broadcasts cause all sorts of shenanigans - especially 
on Windows AD networks where you want to physically separate AD or WINS 
domains, incorrect broadcast addresses can result in all manner of 
information leakage. But that's not relevant here.

> Graeme so just to confirm - I need to set the BROADCAST address for 
> LVS TUN to point back to the VIP?

Correct.

Here's the simple explanation: the network and broadcast addresses for 
a given netmask correspond to the first and last addresses (not 
_usable_ addresses) in that range.
For a netmask of 255.255.255.0 - a /24 network with which most people 
are most familiar - the last octets of these addresses are 0 and 255. 
Using 10.26.101.130 as an example:

10.26.101.130 mask 255.255.255.0 : network 10.26.101.0, broadcast 
10.26.101.255

10.26.101.130 mask 255.255.255.128 : network 10.26.101.128, broadcast 
10.26.101.255

10.26.101.130 mask 255.255.255.192 : network 10.26.101.128, broadcast 
10.26.101.191

...and so on down to...

10.26.101.130 mask 255.255.255.252 : network 10.26.101.128, broadcast 
10.26.101.131

10.26.101.130 mask 255.255.255.254 : network 10.26.101.130, broadcast 
10.26.101.131 [Only useful as a point-point link]

10.26.101.130 mask 255.255.255.255 : network 10.26.101.130, broadcast 
10.26.101.255

So a /32 netmask, equating to 255.255.255.255, is a network of one 
address - this sounds counterintuitive but is often the best way to add 
VIPs to local adapters, amongst other things. It's also used as a route 
injection hack in various routing protocols when you want most of a 
block in one building or location, but specific /32 prefixes elsewhere.

So it sounds weird but it makes perfect sense :)

Put "CIDR calculator" into Google and have a play with some of the 
online ones.

HTH

Graeme





>
>>> IPADDR=66.98.227.143
>>> NETWORK=66.98.227.143
>
> And the NETWORK should also point to the VIP?
>
>
> Nige
>



-- 
Do not walk behind me, for I may not lead. Do not walk ahead of me, for 
I may not follow.
Do not walk beside me either, just eff off and leave me alone!
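
An added example, not part of the original message: a small consistency check that derives the network and broadcast addresses from IPADDR and NETMASK and flags NETWORK or BROADCAST values in an ifcfg-style file that do not match. The sample file is assembled from the settings quoted in this thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the ifcfg lines quoted in the thread, gathered in one place.
SAMPLE_IFCFG = """\
MTU=1480
NETMASK=255.255.255.255
BOOTPROTO=none
BROADCAST=66.98.1.255
IPADDR=66.98.227.143
NETWORK=66.98.227.143
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines, ignoring blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def expected_addresses(ipaddr, netmask):
    """Return (network, broadcast) for an address and dotted-quad mask."""
    # strict=False lets us pass a host address rather than the network base.
    net = ipaddress.IPv4Network(f"{ipaddr}/{netmask}", strict=False)
    return str(net.network_address), str(net.broadcast_address)

def check_ifcfg(text):
    """Return (key, configured, expected) for each inconsistent setting."""
    cfg = parse_ifcfg(text)
    network, broadcast = expected_addresses(cfg["IPADDR"], cfg["NETMASK"])
    problems = []
    for key, want in (("NETWORK", network), ("BROADCAST", broadcast)):
        have = cfg.get(key)
        if have is not None and have != want:
            problems.append((key, have, want))
    return problems

if __name__ == "__main__":
    for key, have, want in check_ifcfg(SAMPLE_IFCFG):
        print(f"{key}={have} does not match IPADDR/NETMASK, expected {want}")
```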


