[lvs-users] Connections to VIPs on the same machine (in BACKUP state)

Jamie Dahl jamied at meatball.net
Thu Jul 9 23:50:17 BST 2015

So I am curious if you have made the following changes to your real servers:

What might be happening is lvs2 could be seeing the arp reply from the
servers for the VIP IP.  The above settings will prevent internal/inside
traffic from bypassing your LVS cluster etc.

> Hi list,
> I've a doubt about how connections to a VIP initiated on the same machine
> works. Let me explain with an example:
> I have 2 machines (lvs1 and lvs2) with keepalived (vrrp+LVS-DR). The
> cluster has a virtual server ( with some real servers behind.
> lvs1 is the master and lvs2 is the backup.
> The strange thing I'm seeing and that I don't understand (at least as a
> feature) is that ig on lvs2 I try to connect to
> it goes directly to the real servers without passing through lvs1. But
> is not present on any lvs2 interfaces (ifconfig, ip addr) but
> only
> in the keepalived configuration. It's not even present in the ARP cache
> table.
> I was thinking that maybe, since it's known to LVS, this IP is somewhere
> in
> the ip_vs module and it's in earlier stage of the network stack, so any
> connection to it is handled by the LVS stack as if lvs2 were the MASTER.
> If
> I remove the virtual server from lvs2 keepalived, then a connection to
> from lvs2 goes to the real servers through lvs1 as expected.
> Is this normal? Is this the expected behavior? If so, why?
> Thank you very much
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users


More information about the lvs-users mailing list