[lvs-users] Local Service not Local Node ??
anders.henke at 1und1.de
Tue Jul 31 08:55:49 BST 2012
On June 30th 2012, A D wrote:
> I have a two server LVS-DR setup using Keepalived for failover.
> Everything is working fine with multiple public VIPs, private real
> servers, health checks, etc.
> I would like to run an NTP service for the internal network on the LVS
> nodes using a VIP.
> Note: I already have a separate NTP service running for public client
> requests - Public IP VIP routed to two real servers. The proposed
> private NTP service and the public can not be mingled.
Failover is fine, "loadbalancing" NTP is actually not a really good
idea. Just as a general note :-)
> When the NTP configuration is set to listen on 0.0.0.0 requests from
> internal clients are not answered (reply from unexpected source:).
> When I set the service to listen on the private VIP the requests are
> answered. As expected.
ntpd needs to open a listening socket to a specific IP address,
as udp is stateless and doesn't offer any means for the receiving
server to know which IP address has actually been asked.
So by opening listening sockets to all applying IP addresses,
ntpd identifies the receiving IP address by the socket that
received the request.
With this information, ntpd may create a suitable reply packet with
the correct source address.
> The issue: I cannot set the standby LVS's NTP configuration to listen
> on VIP because the LVS server is not aware of it. It will not become
> aware of it until it is the active node.
You may set /proc/sys/net/ipv4/ip_nonlocal_bind to "1".
This permits your ntpd to bind to IPs that aren't configured right now.
When the IP address becomes available, ntpd should receive packets for
this IP address.
> Has anyone run into a similar scenario? A.k.a. clustered service. I
> would prefer to not have to start the NTP server manually on the new
> active node if/when LVS fails over.
Very reasonable: ntpd does need some time to find a current timesource
and get a stable tracking of its own and any upstream time sources.
NTP is much more of an art of science rather than simply transmitting
some timestamp and setting one's local clock accordingly.
1&1 Internet AG Expert Systems Architect (IT Operations)
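Added example, not part of the original message: a pre-failover check for the standby node that reads `ip_nonlocal_bind` and tests whether a UDP socket can be bound to a VIP that is not yet configured. The VIP `192.0.2.10`, the function names and the use of an ephemeral port instead of ntpd's port 123 are assumptions; the per-socket `IP_FREEBIND` attempt goes beyond what the message covers and only helps a daemon that sets that option itself.

```python
import errno
import socket

SYSCTL = "/proc/sys/net/ipv4/ip_nonlocal_bind"
# Linux value from <linux/in.h>; used when this Python build lacks the constant.
IP_FREEBIND = getattr(socket, "IP_FREEBIND", 15)


def nonlocal_bind_enabled(path=SYSCTL):
    """True/False for the sysctl, or None if it cannot be read (non-Linux)."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def try_udp_bind(addr, port=0, freebind=False):
    """Try to bind a UDP socket to addr; return (ok, errno name or None)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if freebind:
            sock.setsockopt(socket.IPPROTO_IP, IP_FREEBIND, 1)
        sock.bind((addr, port))  # port 0 = ephemeral, so no root is needed
        return True, None
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def standby_report(vip):
    """Summarise whether a daemon on the standby node could bind to vip."""
    plain_ok, plain_err = try_udp_bind(vip)
    free_ok, _ = try_udp_bind(vip, freebind=True)
    return {
        "vip": vip,
        "ip_nonlocal_bind": nonlocal_bind_enabled(),
        "plain_bind_ok": plain_ok,
        "plain_bind_error": plain_err,
        "freebind_ok": free_ok,
    }


if __name__ == "__main__":
    # 192.0.2.10 is a constructed VIP from the TEST-NET-1 documentation range.
    for key, value in standby_report("192.0.2.10").items():
        print(f"{key}: {value}")
```

`ip_nonlocal_bind` applies to every process in the network namespace, so any local service may then bind to addresses the host does not hold; the report makes it visible whether the standby depends on that setting.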