[lvs-users] local forwarding method not working

Julian Anastasov ja at ssi.bg
Fri Dec 13 20:26:54 GMT 2013


	Hello,

On Fri, 13 Dec 2013, "Matías E. Fernández" wrote:

> Dear lvs-users
> 
> We use LVS extensively with Keepalived for running redundant
> load balanced setups. As part of the load balancer we sometimes
> use what is called a sorry_server in Keepalived. This maps to a 
> local real server in LVS speak.
> 
> In recent versions we have found a change in behaviour that
> seems to break that functionality of a local sorry_server. It boils
> down to LVS not setting the forward mode to "Local" for addresses for
> which there interfaces on the local node.

...

> Note that in this later cate the forward mode in the second example
> has *NOT* been set to "Local".
> 
> This behaviour contradicts the documentation in the manual, which states:
> 
> > Regardless of the packet-forwarding mechanism specified, real servers for 
> > addresses for  which  there  are interfaces on the local node will be use 
> > the local forwarding method, then packets for the servers will be passed to upper layer on the local node. This cannot be specified by ipvsadm, rather  it  set  by  the  kernel  
> > as  real servers are added or modified.
> 
> Is the observed behaviour desired or a bug in LVS or even the Kernel?

	It is a change that helps the synchronization:

===
commit fc604767613b6d2036cdc35b660bc39451040a47
Author: Julian Anastasov <ja at ssi.bg>
Date:   Sun Oct 17 16:38:15 2010 +0300

    ipvs: changes for local real server

...
    - Now LOCALNODE is not set explicitly as forwarding
    method in real server to allow the connections to provide
    correct forwarding method to the backup server. Not sure if
    this breaks tools that expect to see 'Local' real server type.
    If needed, this can be supported with new flag IP_VS_DEST_F_LOCAL.
    Now it should be possible connections in backup that lost
    their fwmark information during sync to be forwarded properly
    to their daddr, even if it is local address in the backup server.
    By this way backup could be used as real server for DR or TUN,
    for NAT there are some restrictions because tuple collisions
    in conntracks can create problems for the traffic.
===

	My understanding is that Local method just
passed the packet to the local server listening on VIP, without
modification. The same is done by Route method. But I still
don't understand what actually breaks in Keepalived. OTOH, if
NAT method is used, the destination address/port in packet
is modified to match the real server. In such case the
local server listens on RIP:RPORT, not on VIP:VPORT.

Regards

--
Julian Anastasov <ja at ssi.bg>


More information about the lvs-users mailing list