[lvs-users] LVS-DR on default gateway
ja at ssi.bg
Thu Jan 21 21:05:47 GMT 2010
On Thu, 21 Jan 2010, Dennis J. wrote:
> Hm, I tried setting /proc/sys/net/ipv4/conf/*/rp_filter all both to 0 and
> to 1 but that had no effect.
> According to this link one cannot control this behaviour using rp_filter:
> The forward_shared patch apparently changes this but I'm wondering why this
> hasn't been accepted into the mainline kernel yet after all these years.
> The patch seems to be simple enough. I'd really like to use the LVS-DR
> approach but I had hoped that either this or a similar patch had moved
> upstream by now so one could simply tell the kernel to accept these
> packets. Isn't this what the rp_filter flags are for after all?
It is too dangerous for rp_filter to control such
packets because by default rp_filter is OFF. But we should
not worry anymore because a more relaxed version of forward_shared
was accepted in the kernel:
It is from Patrick McHardy (ipv4: add sysctl to accept packets
with local source addresses) and adds the "accept_local" flag
in /proc/sys/net/ipv4/conf/... It uses OR logic:
all/accept_local || <dev>/accept_local
Of course, all/accept_local=1 is dangerous to use
for hosts visible from the world. So, <dev>/accept_local=1 is
enough to accept traffic from an internal device (with real
servers in the IPVS case).
Julian Anastasov <ja at ssi.bg>
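
An added example, not part of the original message: a shell audit that applies the OR logic quoted above to every device and warns when a device outside an operator-supplied internal list ends up accepting local-source packets. The device names eth0/eth1, the internal list and the sample tree are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original message). The device names and the
# "internal devices" list are assumptions supplied by the operator.

# Effective value per the OR logic quoted above:
#   all/accept_local || <dev>/accept_local
effective_accept_local() {   # args: CONF_ROOT DEV -> prints 0 or 1
    a=$(cat "$1/all/accept_local" 2>/dev/null || echo 0)
    d=$(cat "$1/$2/accept_local" 2>/dev/null || echo 0)
    if [ "$a" = 1 ] || [ "$d" = 1 ]; then echo 1; else echo 0; fi
}

# Print "<dev> <effective> <verdict>" for every device; verdict is WARN when
# a device outside INTERNAL_DEVS accepts packets with local source addresses.
# Returns 1 if any WARN was printed.
audit_accept_local() {       # args: CONF_ROOT "INTERNAL_DEVS (space separated)"
    root=$1; internal=" $2 "; rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dev=$(basename "$dir")
        case $dev in all|default) continue ;; esac
        eff=$(effective_accept_local "$root" "$dev")
        verdict=ok
        if [ "$eff" = 1 ]; then
            case $internal in
                *" $dev "*) ;;                 # expected on the real-server side
                *) verdict=WARN; rc=1 ;;
            esac
        fi
        echo "$dev $eff $verdict"
    done
    return $rc
}

# Constructed sample tree mimicking /proc/sys/net/ipv4/conf (not real host data).
make_sample_tree() {         # args: ALL ETH0 ETH1 -> prints temp dir path
    t=$(mktemp -d)
    for spec in "all:$1" "default:0" "eth0:$2" "eth1:$3"; do
        mkdir -p "$t/${spec%%:*}"
        echo "${spec#*:}" > "$t/${spec%%:*}/accept_local"
    done
    echo "$t"
}

# eth1 is assumed to be the internal device facing the real servers.
tree=$(make_sample_tree 0 0 1)
audit_accept_local "$tree" "eth1"
rm -rf "$tree"
# On a live director: audit_accept_local /proc/sys/net/ipv4/conf "eth1"
```

With all/accept_local=1 in the tree, every device reports an effective value of 1, so any device not in the internal list is marked WARN.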