LVS behaviour with no realservers available

[Joseph Mack NA3T]

On Thu, 14 Sep 2006, Nicholas Newberry wrote:

> If my preliminary testing is correct, when the LVS 
> director has no realservers in the table for a particular 
> virtual service, requests for that service produce an icmp 
> port unreachable.

lets the client do something sensible.

> The point of all of this is that if the realservers aren't 
> up, I want client requests to time out (i.e. be silently 
> dropped by the director) rather than get "connection 
> refused".

the user on the client box may not like this (for http, the 
web browser will just hang). Just a caution - you usually 
only drop packets for connections that you regard as 
malicious, and give normal users the reject so they can do 
something else.

However if you really want it, a possible way might be to 
have a director with localnode and an iptables rule for 
127.0.0.1:your_service to drop the inbound packets.

Another way of handling it would be to have a localnode 
sorry server (displaying a page saying "our website is down 
- please come back")

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!