all clients disconnect on failover

Brett Elliott brettelliott at
Wed Oct 11 16:04:06 BST 2006

On 10/11/06, Sebastian Vieira <sebvieira at> wrote:
> On 10/10/06, Graeme Fowler <graeme at> wrote:
> >
> > I have a theory here, though... you're doing NAT. Therefore the director
> > is the default gateway for the realservers - is the address of their
> > default gateway the same as the VIP?
> >
> > If not, you need another vrrp_instance defined which makes the default
> > gateway fail over to the backup director.
> >
> > Graeme
> Okay, i was able to check out the settings for the realservers. It's a bit
> complicated (for me), so let me just give you my findings:
> realservers:
> ip: 192.168.14.x
> gw:
> netmask:
> they're in a seperate vlan
> director:
> ip:
> gw:
> netmask:
> seperate vlan
> I've tried to change the gw on the realserver to the ip of the director, but
> then i get a network unreachable error. And even if that was possible, i've
> learnt that the realserver go back to their default settings upon reboot
> (which happens every now and then), so changing them is not an option. What
> i could do is put the director in the same vlan as the realserver and
> configure the director to use lvs-dr instead. I've no idea if that will make
> a difference though. Is LVS-NAT the only way to go here?
> Changing the mac address is not an option since i have to bring the entire
> interface down before i can do that, in which case keepalived sets the node
> in fault modus and renders itself useless.
With LVS-DR you will still have to modify the realservers so that they
a) use the VIP and b) do not arp for the VIP. (b) often requires a
kernel patch depending on the kernel version/distribution. This is the
"arp problem" people talk about:

In practice this is more invasive than simply changing the gateway of
the real servers.

If you cannot change the realservers, then you cannot use LVS. LVS is
wonderful and magical but it's not that magical. :) You may want to
try a proxy load balancer which only proxies TCP connections:

And they usually don't offer the niceties of load balancer (vs
realserver) failover, failover while keeping state, etc. And the load
balancer will handle all the traffic while this isn't  quite the case
with LVS-DR. And LVS is in the kernel and it's very fast but a proxy
load balancer may be fast enough.

> regards,
> Sebastian
> _______________________________________________
> mailing list - lvs-users at
> Send requests to lvs-users-request at
> or go to

More information about the lvs-users mailing list