[lvs-users] LVS-DR on default gateway

Julian Anastasov ja at ssi.bg
Thu Jan 21 21:05:47 GMT 2010


On Thu, 21 Jan 2010, Dennis J. wrote:

> Hm, I tried setting /proc/sys/net/ipv4/conf/*/rp_filter all both to 0 and 
> to 1 but that had no effect.
> According to this link one cannot control this behaviour using rp_filter:
> http://www.ssi.bg/~ja/#lvsgw
> The forward_shared patch apparently changes this but I'm wondering why this 
> hasn't been accepted into the mainline kernel yet after all these years. 
> The patch seems to be simple enough. I'd really like to use the LVS-DR 
> approach but I had hoped that either this or a similar patch had moved 
> upstream by now so one could simply tell the kernel to accept these 
> packets. Isn't this what the rp_filter flags are for after all?

	It is too dangerous for rp_filter to control such
packets because by default rp_filter is OFF. But we should
not worry anymore because a more relaxed version of forward_shared
was accepted in the kernel:


	It is from Patrick McHardy (ipv4: add sysctl to accept packets
with local source addresses) and adds an "accept_local" flag
in /proc/sys/net/ipv4/conf/... It uses OR logic:

all/accept_local || <dev>/accept_local

	Of course, all/accept_local=1 is dangerous to use
for hosts visible from the world. So, <dev>/accept_local=1 is
enough to accept traffic from the internal device (with real
servers in the IPVS case).


Julian Anastasov <ja at ssi.bg>
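As an added example (not from the list post or the kernel patch), the following POSIX shell audit evaluates accept_local per interface the way the OR rule above describes, all/accept_local || <dev>/accept_local, and flags the risky all/accept_local=1 case. It takes the root of the sysctl tree as a parameter so it can be exercised offline against a constructed fake tree; the interface names eth0 (world-facing) and eth1 (internal, towards the real servers) in make_fake_tree are assumed for illustration.

```shell
#!/bin/sh
# Audit accept_local as the kernel evaluates it:
#   effective(dev) = all/accept_local || <dev>/accept_local
# Every function takes a tree root ("/" for the live system) so the logic can
# be tested against a constructed directory tree without touching /proc.

read_flag() {
    # read_flag <root> <dev> -> prints the flag value; a missing file counts as 0
    f="${1%/}/proc/sys/net/ipv4/conf/$2/accept_local"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

effective_accept_local() {
    # effective_accept_local <root> <dev> -> 1 if all || <dev> is set, else 0
    all=$(read_flag "$1" all)
    dev=$(read_flag "$1" "$2")
    if [ "$all" = 1 ] || [ "$dev" = 1 ]; then echo 1; else echo 0; fi
}

audit_accept_local() {
    # audit_accept_local <root> -> prints one line per interface;
    # returns 1 when all/accept_local=1, since that enables it on every
    # interface, including world-facing ones, not only the internal one.
    root="${1%/}"
    rc=0
    if [ "$(read_flag "$root" all)" = 1 ]; then
        echo "WARNING: all/accept_local=1 applies to every interface; set it per <dev> instead"
        rc=1
    fi
    for d in "$root"/proc/sys/net/ipv4/conf/*/; do
        dev=$(basename "$d")
        [ "$dev" = all ] && continue
        [ "$dev" = default ] && continue
        echo "$dev: effective accept_local=$(effective_accept_local "$root" "$dev")"
    done
    return $rc
}

make_fake_tree() {
    # Constructed sample tree (hypothetical interface names): all=0,
    # eth0 (world-facing)=0, eth1 (internal, real servers behind it)=1.
    root=$(mktemp -d)
    for dev in all default eth0 eth1; do
        mkdir -p "$root/proc/sys/net/ipv4/conf/$dev"
        echo 0 > "$root/proc/sys/net/ipv4/conf/$dev/accept_local"
    done
    echo 1 > "$root/proc/sys/net/ipv4/conf/eth1/accept_local"
    echo "$root"
}

# Stand-alone usage: audit the live system when the sysctl tree exists.
[ -d /proc/sys/net/ipv4/conf ] && audit_accept_local /
```

With the sample tree only eth1 reports effective accept_local=1; flipping all/accept_local to 1 makes eth0 report 1 as well and the audit returns non-zero, which is the condition the post warns about for hosts visible from the world.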

