Connection synchronization questions

Martijn Grendelman martijn at grendelman.net
Wed Jul 19 15:33:20 BST 2006


Hi,

I have just enabled the LVS connection sync daemon, but some things 
about the way it works aren't entirely clear to me.

There is an active LVS, running ipvs_syncmaster and a backup LVS, 
running ipvs_syncbackup. I feel I should mention the machines run pretty 
old kernels (2.4-not-latest). I use the local node feature, i.e. both 
machines are also real servers.

On both machines, I see the UDP multicast traffic I expect:

16:19:16.876496 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28
16:19:25.875012 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28

(tweety.sipo.nl being the master).

Now, knowing nothing about multicast in general, my question is: what 
are the security implications of this kind of traffic? The servers are 
on a shared switch. Are other machines on the LAN able to pick up any 
sensitive data from my load balancers? How could I secure this?

And I have another question.

On the master, I see this:

martijn at tweety:~> rr ipvsadm -L -n
IP Virtual Server version 1.0.10 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.204.230.98:80 sh
   -> 212.204.230.91:80            Route   200    10         19
   -> 212.204.230.96:80            Local   200    3          18

On the backup LVS, I see:

martijn at daffy:~> rr ipvsadm -L -n
IP Virtual Server version 1.0.12 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.204.230.98:80 sh
   -> 212.204.230.91:80            Local   200    10         16
   -> 212.204.230.96:80            Route   200    0          0

The number of active connections pointing to the second server (which is 
the active LVS) is 0 on the backup machine. I would expect it to be 3, 
just like on the master.

Does that have something to do with the fact that Forward == Local? Or 
is there something I am missing?

And what about the number of inactive connections on the backup? I 
thought only ESTABLISHED connections are synchronized. When does a 
connection become 'inactive' on the backup? When it is no longer active 
on the master?

Best regards,

Martijn Grendelman
