[lvs-users] Fixing the Martian Packet issue on LVS-DR

Dennis Jacobfeuerborn dennisml at conversis.de
Mon Oct 7 19:14:13 BST 2013


On 07.10.2013 19:46, Khosrow Ebrahimpour wrote:
> Hello list,
>
> Recently we modified the configuration of our lvs systems to do LVS-DR
> as well as LVS-NAT. The setup works well with LVS-NAT, which has been
> working tirelessly for a year. A new VIP was added to load-balance using LVS-NAT
> with a setup something like the below diagram:
>
> CIP  --> VIP (192.168.17.44), gateway(192.168.2.1)--> RIP (192.168.2.51)
>
> We're now seeing the martian source problem whenever CIP originates from
> outside the 192.168.2.x subnet. I understand why we are getting the
> error, but hoping there's a solution to getting this setup working. Is
> anyone running a similar setup and has found a solution to the martian
> source problem?
>
> I have had a look at the information on the solution called "Julian's
> martian modification" in section 7.5.2
> (http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#martian_modification)
> but that requires a patch to the kernel and I'm hoping to avoid having
> to custom-compile a kernel.
>
> Note: the reason we decided to go with LVS-DR is that using LVS-NAT
> would leave all clients in the same subnet as the RIP (192.168.2.x)
> unable to use this service since the RIP would respond back directly to
> the CIP and the connection would be broken.

For a while now there has been a setting,
/proc/sys/net/ipv4/conf/*/accept_local, that should solve this, at least
in theory:

accept_local - BOOLEAN
	Accept packets with local source addresses. In combination
	with suitable routing, this can be used to direct packets
	between two local interfaces over the wire and have them
	accepted properly.

	rp_filter must be set to a non-zero value in order for
	accept_local to have an effect.

	default FALSE

When I tried this, however, I ended up with 100% CPU usage as the packets
apparently ended up in a routing loop of some kind.

If anyone has an idea how to make this work I would be interested in 
hearing about it as well.

Regards,
   Dennis
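
The precondition in the kernel documentation quoted above (accept_local has no effect unless rp_filter is non-zero), as an added example that is not part of the original post: a per-interface audit of the two settings. The root-directory parameter, the function names and the sample tree are assumptions of this example; the max-of-all-and-interface rule for rp_filter comes from the kernel's ip-sysctl documentation, not from the thread.

```sh
#!/bin/sh
# Added example: audit accept_local against rp_filter per interface.
# The root directory is a parameter (an assumption of this example) so the
# functions can be run on a constructed tree instead of the live /proc.

# Print one setting; a missing file counts as 0 (the documented default FALSE).
read_conf() {  # read_conf ROOT SCOPE KEY
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo 0; fi
}

# rp_filter: the kernel uses the max of conf/all and conf/<iface>.
effective_rp_filter() {  # effective_rp_filter ROOT IFACE
    rp_all=$(read_conf "$1" all rp_filter)
    rp_if=$(read_conf "$1" "$2" rp_filter)
    if [ "$rp_all" -gt "$rp_if" ]; then echo "$rp_all"; else echo "$rp_if"; fi
}

# off    = accept_local not enabled
# inert  = accept_local enabled but rp_filter is 0, so it has no effect
# active = accept_local enabled and rp_filter non-zero
accept_local_state() {  # accept_local_state ROOT IFACE
    # Assumption: conf/all and conf/<iface> are OR-ed for accept_local.
    if [ "$(read_conf "$1" all accept_local)" -eq 0 ] &&
       [ "$(read_conf "$1" "$2" accept_local)" -eq 0 ]; then
        echo off
    elif [ "$(effective_rp_filter "$1" "$2")" -eq 0 ]; then
        echo inert
    else
        echo active
    fi
}

audit() {  # audit ROOT: one "iface state rp_filter=N" line per interface
    for d in "$1"/*/; do
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        echo "$ifc $(accept_local_state "$1" "$ifc") rp_filter=$(effective_rp_filter "$1" "$ifc")"
    done
}

# Constructed sample tree (not taken from the thread); use
# `audit /proc/sys/net/ipv4/conf` on a real director instead.
demo=$(mktemp -d)
mkdir -p "$demo/all" "$demo/eth0" "$demo/eth1"
echo 0 > "$demo/all/rp_filter";  echo 0 > "$demo/all/accept_local"
echo 0 > "$demo/eth0/rp_filter"; echo 1 > "$demo/eth0/accept_local"
echo 1 > "$demo/eth1/rp_filter"; echo 1 > "$demo/eth1/accept_local"
audit "$demo"
rm -rf "$demo"
```

An interface reported as `inert` has accept_local set without the reverse-path filter it depends on; one reported as `active` accepts packets carrying a local source address on that interface, so it is worth limiting to the interfaces that need it.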
