[lvs-users] LVS-DR UDP healthy check problem

Julian Anastasov ja at ssi.bg
Sun Dec 11 08:29:43 GMT 2016


On Sun, 11 Dec 2016, linbo liao wrote:

> Thanks Julian.
> One more question about bind 2 sockets. For UDP bind RIP and VIP, are they
> two different application? If yes, how to handle application works on RIP,
> but failed on VIP?

	It can be single application which can configure 2
listeners (IP:PORT), as result, 2 sockets are created that
should be polled for evenets.

	Not sure why it does not work for VIP but for DR method
the real servers should configure the VIP as local address
on any interface except the one where ARP broadcast probes
for VIP are received. For example, if traffic from director
is received on eth0 you need to:

1. configure VIP on lo, dummy, etc, even on eth1, if no ARP
	probes for VIP are received there
2. add ARP restrictions for VIP on eth0:

# Do not send ARP replies if someone asks for VIP (any IP
# that is not configured on eth0)
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore

# When sending ARP probes on eth0, always prefer the local
# primary address as source for the probed target address.
# By default, kernel can use source address from IP packet
# that triggers the ARP probe which is bad when this is the VIP.
# As result, do not use VIP as source in ARP probes but the
# IP used to configure the subnet on eth0.
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

	Then server applications on the real server
can send replies for VIP without using it in ARP packets.
VIP looks as normal IP, only that we hide it from other
hosts on the LAN because it should be visible only on the

	Someone finds the above settings useful even for
non-IPVS setups because ARP traffic is restricted to
addresses for the specific interface and as result, such
isolation is only for good.


Julian Anastasov <ja at ssi.bg>

More information about the lvs-users mailing list