[lvs-users] keepalived: LVS-DR split brain w/firewalls up

Graeme Fowler graeme at graemef.net
Sun Jul 29 18:16:07 BST 2007 

On Sun, 2007-07-29 at 10:55 -0400, Gerry Reno wrote:
> I was hoping someone could tell me. I just brought up the firewalls on 
> the directors and instant split brain. What port/protocol do the 
> directors use to communicate with each other?

Keepalived uses VRRP - you can search for the relevant RFC yourself for
the nitty gritty (or follow the links on keepalived.org).

If you have two directors, DIP1 and DIP2 then use a rule of the form:

on DIP1:
iptables -A INPUT -s $DIP2 -j ACCEPT

on DIP2:
iptables -A INPUT -s $DIP1 -j ACCEPT

Or the same rule on both to accept VRRP:

iptables -A INPUT -d 224.0.0.18/32 -j ACCEPT

If you've modified your mcast_src_address in keepalived.conf, use that
IP instead.

Graeme

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list