[lvs-users] Weird problem with LVS-DR

Graeme Fowler graeme at graemef.net
Thu Dec 20 11:40:58 GMT 2007


Gah, replying to own post...

On Thu, 2007-12-20 at 11:29 +0000, Graeme Fowler wrote:
> This *should* allow you, with some modifications, to sort out your
> problem and keep an active/active master/backup (by this I mean with
> IPVS loaded and configured on both directors).

This works perfectly where you have more than one interface and are
routing inter-director traffic via a "backend". In the case of a single
NIC on each box, you need a modified rule to NOT apply the mark value to
packets sourced from the "other" director:

1. On node1 create an iptables rule of the form:
iptables -t mangle -I PREROUTING -d $VIP -p tcp -m tcp --dport $VPORT -m mac \
  ! --mac-source $MAC_NODE2 -j MARK --set-mark 0x6

where $MAC_NODE2 is node2's MAC address as seen by node1. Do a similar
trick on node2:

iptables -t mangle -I PREROUTING -d $VIP -p tcp -m tcp --dport $VPORT -m mac \
  ! --mac-source $MAC_NODE1 -j MARK --set-mark 0x7

where $MAC_NODE1 is node1's MAC address as seen by node2.

2. Change your keepalived.conf so that it uses fwmarks.
node1:
virtual_server fwmark 6 {

node2:
virtual_server fwmark 7 {



Maybe I should write this up properly for Joe's HOWTO :)
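
Added example, not part of the original post: a shell sketch that builds the per-node mark rule and keepalived line described above, and checks saved mangle-table output for the peer-MAC exclusion. The function names, the 192.0.2.10 VIP, port 80, the MAC addresses and the sample ruleset are constructed assumptions.

```shell
#!/bin/sh
# Added example. Every address below is a constructed sample value.

# Succeeds only for a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mark_rule VIP VPORT PEER_MAC MARK: print the rule for this node (not executed).
mark_rule() {
    valid_mac "$3" || { echo "bad peer MAC: $3" >&2; return 1; }
    printf 'iptables -t mangle -I PREROUTING -d %s -p tcp -m tcp --dport %s' "$1" "$2"
    printf ' -m mac ! --mac-source %s -j MARK --set-mark %s\n' "$3" "$4"
}

# fwmark_line MARK: matching keepalived.conf line, mark in decimal as in the post.
fwmark_line() {
    printf 'virtual_server fwmark %d {\n' "$1"
}

# has_peer_exclusion PEER_MAC VIP: read iptables-save text on stdin and succeed
# only if a PREROUTING MARK rule for VIP skips frames sourced from PEER_MAC.
has_peer_exclusion() {
    valid_mac "$1" || return 2
    vip=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -Eiq -e "^-A PREROUTING .*-d ${vip}(/32)? .*! --mac-source $1 .*-j MARK"
}

# Constructed stand-in for `iptables-save -t mangle` output on node1.
sample_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -m mac ! --mac-source 02:00:00:AA:00:02 -j MARK --set-xmark 0x6/0xffffffff
COMMIT
EOF
}

# Print both nodes' rules and keepalived lines, then audit the sample.
mark_rule 192.0.2.10 80 02:00:00:aa:00:02 0x6; fwmark_line 0x6   # node1
mark_rule 192.0.2.10 80 02:00:00:aa:00:01 0x7; fwmark_line 0x7   # node2
if sample_ruleset | has_peer_exclusion 02:00:00:aa:00:02 192.0.2.10; then
    echo "node1: peer exclusion present"
else
    echo "node1: peer exclusion MISSING" >&2
fi
```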


