[lvs-users] local forwarding method not working
ja at ssi.bg
Fri Dec 13 20:26:54 GMT 2013
On Fri, 13 Dec 2013, "Matías E. Fernández" wrote:
> Dear lvs-users
> We use LVS extensively with Keepalived for running redundant
> load balanced setups. As part of the load balancer we sometimes
> use what is called a sorry_server in Keepalived. This maps to a
> local real server in LVS speak.
> In recent versions we have found a change in behaviour that
> seems to break that functionality of a local sorry_server. It boils
> down to LVS not setting the forward mode to "Local" for addresses for
> which there are interfaces on the local node.
> Note that in this latter case the forward mode in the second example
> has *NOT* been set to "Local".
> This behaviour contradicts the documentation in the manual, which states:
> > Regardless of the packet-forwarding mechanism specified, real servers for
> > addresses for which there are interfaces on the local node will be use
> > the local forwarding method, then packets for the servers will be passed
> > to upper layer on the local node. This cannot be specified by ipvsadm,
> > rather it set by the kernel as real servers are added or modified.
> Is the observed behaviour desired or a bug in LVS or even the Kernel?
It is a change that helps the synchronization:

Author: Julian Anastasov <ja at ssi.bg>
Date: Sun Oct 17 16:38:15 2010 +0300

    ipvs: changes for local real server

    - Now LOCALNODE is not set explicitly as forwarding
    method in real server to allow the connections to provide
    correct forwarding method to the backup server. Not sure if
    this breaks tools that expect to see 'Local' real server type.
    If needed, this can be supported with new flag IP_VS_DEST_F_LOCAL.
    Now it should be possible connections in backup that lost
    their fwmark information during sync to be forwarded properly
    to their daddr, even if it is local address in the backup server.
    By this way backup could be used as real server for DR or TUN,
    for NAT there are some restrictions because tuple collisions
    in conntracks can create problems for the traffic.

My understanding is that Local method just
passed the packet to the local server listening on VIP, without
modification. The same is done by Route method. But I still
don't understand what actually breaks in Keepalived. OTOH, if
NAT method is used, the destination address/port in packet
is modified to match the real server. In such case the
local server listens on RIP:RPORT, not on VIP:VPORT.
Julian Anastasov <ja at ssi.bg>
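
An added example, not part of the original post and not code from the IPVS project: a check for tools that used to look for the 'Local' forward type. It decides locality by comparing real server addresses against the node's own addresses, then reports the socket the local server must listen on according to the reply above (VIP:VPORT for Local and Route, RIP:RPORT for Masq). The function name, the sample table and its addresses are constructed; IPv4 only, and the set of local addresses is assumed to be supplied by the caller.

```python
import re

# Constructed sample of `ipvsadm -L -n` output (addresses are made up).
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.10:80 wlc
  -> 192.0.2.21:80                Route   1      0          0
  -> 192.0.2.10:80                Route   0      0          0
TCP  192.0.2.10:443 wlc
  -> 127.0.0.1:8443               Masq    1      0          0
  -> 192.0.2.22:443               Masq    1      0          0
"""

SERVICE = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+):(\d+)\s")
DEST = re.compile(r"^\s+->\s+(\S+):(\d+)\s+(\w+)\s")

def local_real_servers(table, local_addrs):
    """Return one finding per real server whose address is on this node.

    Hypothetical helper. Locality is decided from local_addrs, never from
    the Forward column, because the kernel no longer sets it to 'Local'.
    """
    findings, vip = [], None
    for line in table.splitlines():
        m = SERVICE.match(line)
        if m:
            vip = (m.group(2), int(m.group(3)))
            continue
        m = DEST.match(line)
        if not (m and vip):
            continue  # header lines and anything outside a service block
        rip, rport, fwd = m.group(1), int(m.group(2)), m.group(3)
        if rip not in local_addrs:
            continue
        # Per the reply: Local/Route pass the packet unmodified (VIP:VPORT),
        # Masq rewrites the destination to RIP:RPORT. Tunnel is not covered
        # there, so it maps to None.
        listen = {"Local": vip, "Route": vip, "Masq": (rip, rport)}.get(fwd)
        findings.append({"vip": vip, "rip": (rip, rport), "fwd": fwd, "listen": listen})
    return findings

if __name__ == "__main__":
    for f in local_real_servers(SAMPLE, {"127.0.0.1", "192.0.2.10"}):
        print(f)
```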