Connection synchronization questions

Martijn Grendelman martijn at grendelman.net
Fri Jul 21 09:42:24 BST 2006


Nobody?

Best regards,
Martijn.


Martijn Grendelman wrote:
> Hi,
> 
> I have just enabled the LVS connection sync daemon, but some things 
> about the way it works aren't entirely clear to me.
> 
> There is an active LVS, running ipvs_syncmaster and a backup LVS, 
> running ipvs_syncbackup. I feel I should mention the machines run pretty 
> old kernels (2.4-not-latest). I use the local node feature, i.e. both 
> machines are also real servers.
> 
> On both machines, I see the UDP multicast traffic I expect:
> 
> 16:19:16.876496 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28
> 16:19:25.875012 IP tweety.sipo.nl.55286 > 224.0.0.81.8848: UDP, length: 28
> 
> (tweety.sipo.nl being the master).
> 
> Now, knowing nothing about multicast in general, my question is: what 
> are the security implications of this kind of traffic? The servers are 
> on a shared switch. Are other machines on the LAN able to pick up any 
> sensitive data from my load balancers? How could I secure this?
> 
> And I have another question.
> 
> On the master, I see this:
> 
> martijn@tweety:~> rr ipvsadm -L -n
> IP Virtual Server version 1.0.10 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  212.204.230.98:80 sh
>   -> 212.204.230.91:80            Route   200    10         19
>   -> 212.204.230.96:80            Local   200    3          18
> 
> On the backup LVS, I see:
> 
> martijn@daffy:~> rr ipvsadm -L -n
> IP Virtual Server version 1.0.12 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  212.204.230.98:80 sh
>   -> 212.204.230.91:80            Local   200    10         16
>   -> 212.204.230.96:80            Route   200    0          0
> 
> The number of active connections pointing to the second server (which is 
> the active LVS) is 0 on the backup machine. I would expect it to be 3, 
> just like on the master.
> 
> Does that have something to do with the fact that Forward == Local? Or 
> is there something I am missing?
> 
> And what about the number of inactive connections on the backup? I 
> thought only ESTABLISHED connections are synchronized. When does a 
> connection become 'inactive' on the backup? When it is no longer active 
> on the master?
> 
> Best regards,
> 
> Martijn Grendelman
