[lvs-users] Fixing the Martian Packet issue on LVS-DR
dennisml at conversis.de
Mon Oct 7 19:14:13 BST 2013
On 07.10.2013 19:46, Khosrow Ebrahimpour wrote:
> Hello list,
> Recently we modified the configuration of our lvs systems to do LVS-DR
> as well as LVS-NAT. The setup works well with LVS-NAT and has been working
> tirelessly for a year. A new VIP was added to load-balance using LVS-NAT
> with a setup something like the below diagram:
> CIP --> VIP (192.168.17.44), gateway(192.168.2.1)--> RIP (192.168.2.51)
> We're now seeing the martian source problem whenever CIP originates from
> outside the 192.168.2.x subnet. I understand why we are getting the
> error, but hoping there's a solution to getting this setup working. Is
> anyone running a similar setup and has found a solution to the martian
> source problem?
> I have had a look at the information on the solution called "Julian's
> martian modification" in section 7.5.2
> but that requires a patch to the kernel and I'm hoping to avoid having
> to custom-compile a kernel.
> Note: the reason we decided to go with LVS-DR is that using LVS-NAT
> would leave all clients in the same subnet as the RIP (192.168.2.x)
> unable to use this service since the RIP would respond back directly to
> the CIP and the connection would be broken.
For a while now there is a setting
/proc/sys/net/ipv4/conf/*/accept_local that should solve this at least

    accept_local - BOOLEAN
        Accept packets with local source addresses. In combination
        with suitable routing, this can be used to direct packets
        between two local interfaces over the wire and have them
        rp_filter must be set to a non-zero value in order for
        accept_local to have an effect.

When I tried this, however, I ended up with 100% CPU usage, as the packets
apparently ended up in a routing loop of some kind.
If anyone has an idea how to make this work I would be interested in
hearing about it as well.
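
Added example, not part of the original message: a shell audit that reports, per interface, whether accept_local can take effect given the rp_filter dependency quoted in the documentation excerpt above. The function names (read_knob, max, audit_accept_local, make_sample_tree), the CONF_ROOT variable and the sample values are assumptions made for this example; the per-interface values are combined with conf/all the way the kernel combines them (accept_local: all OR interface; rp_filter: max of all and interface).

```shell
#!/bin/sh
# Added example: report whether accept_local can take effect on each interface.
# Effective values: accept_local = all OR <if>; rp_filter = max(all, <if>).
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

read_knob() {   # read_knob <dir> <name>; prints 0 when the file is absent
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# One line per interface: "<if> accept_local=<n> rp_filter=<n> <off|inert|active>"
audit_accept_local() {
    root="${1:-$CONF_ROOT}"
    all_al=$(read_knob "$root/all" accept_local)
    all_rp=$(read_knob "$root/all" rp_filter)
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        al=$(max "$all_al" "$(read_knob "$dir" accept_local)")
        rp=$(max "$all_rp" "$(read_knob "$dir" rp_filter)")
        if [ "$al" -eq 0 ]; then verdict=off          # local-source packets rejected
        elif [ "$rp" -eq 0 ]; then verdict=inert      # set, but rp_filter is 0
        else verdict=active
        fi
        echo "$ifname accept_local=$al rp_filter=$rp $verdict"
    done
}

# Builds a constructed sample tree (values invented for the demo) and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    for spec in all:0:0 eth0:1:0 eth1:1:1 eth2:0:1; do
        name=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$t/$name"
        echo "${rest%:*}" > "$t/$name/accept_local"
        echo "${rest#*:}" > "$t/$name/rp_filter"
    done
    echo "$t"
}

# Stand-alone run: audit the live settings when the sysctl tree is present.
if [ -d "$CONF_ROOT" ]; then audit_accept_local; fi
```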