[lvs-users] feedback loop
ja at ssi.bg
Sat Feb 4 12:07:04 GMT 2017
On Fri, 3 Feb 2017, Zetan Drableg wrote:
> Hi, I have two nodes running ipvs/keepalived and syslog-ng for the load
> balanced service. Both nodes have a single network interface in production,
> but two in my local test kitchen. (eth0 for vagrant, eth1 for the multi
> node comms).
> I have discovered a feedback loop between both directors causing 100%
> network utilization. The same packets are being played over and over again
> (verified by packet contents timestamp).
> I have read this, but the solution is not clear.
> When running both the ipvs director and the real server on the same box, do
> I need to use firewall marks and -t mangle based on mac-source of the other
If you have more than one director with the same IPVS rules
to support backup mode, and some director in backup mode is
also a real server used by the master director, then you need
filtering by MAC or, as a second option, to use the
backup_only=1 sysctl flag on the backup box (present in 3.9+).

Its purpose, if enabled, is to disable the director
function (forwarding of traffic to real servers based on the
IPVS rules) when we are currently in backup mode for all
virtual services. Currently, we do not support disabling
the director function per virtual service.

As a result, when traffic comes, such a backup server
will assume that another director (master) is using us
as a real server. We will deliver the traffic to the local
stack. If backup_only=0 we think that clients sent the
traffic to us and the director function can cause a loop
to another director if present as a real server in our rules.

Whatever solution you decide to use, its purpose
is to decide whether traffic comes from clients (then
we can forward to real servers) or from another
director (then we are its real server).

Julian Anastasov <ja at ssi.bg>
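
The decision described in the reply above, as an added example that is not part of the original message and is not IPVS kernel code: a simplified Python model that traces one packet between two boxes with backup_only=0, with backup_only=1 on the backup box, and with MAC filtering. The box names, MAC addresses and the `pick` field (the real server each box's scheduler happens to choose for this connection) are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Director:
    name: str
    mac: str
    pick: str                    # assumption: real server the scheduler chooses
    in_backup_mode: bool = False
    backup_only: int = 0         # models the backup_only sysctl flag
    peer_director_macs: set = field(default_factory=set)  # MAC filter list

    def handle(self, src_mac):
        """Return the next hop's name, or None to deliver to the local stack."""
        if self.in_backup_mode and self.backup_only:
            return None          # director function disabled while in backup mode
        if src_mac in self.peer_director_macs:
            return None          # frame came from another director: we are its real server
        return None if self.pick == self.name else self.pick

def trace(boxes, entry, client_mac, max_hops=6):
    """Follow one packet through the boxes; return (path, looped)."""
    path, current, src_mac = [entry], entry, client_mac
    for _ in range(max_hops):
        nxt = boxes[current].handle(src_mac)
        if nxt is None:
            return path, False
        src_mac = boxes[current].mac   # forwarded frame carries the forwarder's MAC
        path.append(nxt)
        current = nxt
    return path, True                  # still being forwarded: feedback loop

def scenario(backup_only=0, mac_filter=False):
    # Constructed two-node setup: lb1 is master, lb2 is backup and also a real server.
    lb1 = Director("lb1", "02:00:00:00:00:01", pick="lb2")
    lb2 = Director("lb2", "02:00:00:00:00:02", pick="lb1",
                   in_backup_mode=True, backup_only=backup_only)
    if mac_filter:
        lb1.peer_director_macs = {lb2.mac}
        lb2.peer_director_macs = {lb1.mac}
    return trace({"lb1": lb1, "lb2": lb2}, "lb1", client_mac="02:00:00:00:00:c1")

if __name__ == "__main__":
    for kwargs in ({}, {"backup_only": 1}, {"mac_filter": True}):
        print(kwargs, scenario(**kwargs))
```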