[lvs-users] netmask for vip?

Aaron West aaron at loadbalancer.org
Wed Jun 21 16:13:49 BST 2017


Linbo,

This goes back to what I originally said.

I assume you mean on the loopback adapter? If so then use a 255.255.255.255
> or /32 for safety, not all OS's may need it as there can be many ways to
> make it not respond to ARP, however, this also helps as you are telling the
> OS it's a single address.


So use a /32 for safety unless you can't for some reason as this helps to
guarantee the real server will not respond to ARP requests for that VIP.
There are indeed many many ways depending on OS to solve the ARP issue...
Out of interest what OS are your real servers?

Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron at loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
 | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 16:07, linbo liao <llbgurs at gmail.com> wrote:

> I have no idea.
>
> Refer to
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> ipvsadm.html#netmask_for_VIP
>
>
>    - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must be
>    /32.
>
> and Julian reply the post
> http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.html
>
> 2. add VIP/32 on lo (for real server) or on eth0 (for director)
>
> Thanks,
>
> Linbo
>
>
> 2017-06-21 22:31 GMT+08:00 Aaron West <aaron at loadbalancer.org>:
>
> > Linbo,
> >
> > Sorry, if you mean directly on the interface of the director so when you
> > check the output of "ip a" then I'd use the netmask of the network, I
> > thought you meant the netmask setting for LVS itself.
> >
> >
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron at loadbalancer.org
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 15:20, linbo liao <llbgurs at gmail.com> wrote:
> >
> > > I am not sure.
> > >
> > > If I configure vip netmask, and use  `ip a`  it will print vip with
> > netmask
> > > information.  But  `-M netmask` is show in `ipvsadm -Ln`.
> > >
> > > I think there are different thing.
> > >
> > > Thanks,
> > > Linbo
> > >
> > >
> > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron at loadbalancer.org>:
> > >
> > > > Linbo,
> > > >
> > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > Ldirectord it's just what I'm used to using.
> > > >
> > > > Did a quick google to verify my thoughts and this page backs me up as
> > > well
> > > > as being a nice read in itself:
> > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron at loadbalancer.org
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > >  | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 21 June 2017 at 14:37, linbo liao <llbgurs at gmail.com> wrote:
> > > >
> > > > > Sorry I miss the detailed information.
> > > > >
> > > > > I mean the netmask of VIP in LVS director. LVS use keepalived to do
> > HA.
> > > > > Will vip netmask in LVS director affect the persistence ?
> > > > >
> > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron at loadbalancer.org>:
> > > > >
> > > > > > Hi Linbo,
> > > > > >
> > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > 255.255.255.255
> > > > > > or /32 for safety, not all OS's may need it as there can be many
> > ways
> > > > to
> > > > > > make it not respond to ARP, however, this also helps as you are
> > > telling
> > > > > the
> > > > > > OS it's a single address.
> > > > > >
> > > > > > Or do you mean the "netmask" in the ldirectord config which
> affects
> > > > > > persistence? When this is at the default of 255.255.255.255
> > > persistence
> > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> would
> > > get
> > > > > > stuck to different servers. If you set 255.255.255.0 then they
> > would
> > > > both
> > > > > > hit the same server as persistence would work by subnet so the
> > whole
> > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > >
> > > > > > Hope that's relevant to your question and makes sense...
> > > > > >
> > > > > >
> > > > > > Aaron West
> > > > > >
> > > > > > Loadbalancer.org
> > > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017
> >
> > > > > >
> > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> company-name
> > >
> > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > overview&?gclid=ES2017>
> > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > aaron at loadbalancer.org
> > > > > >
> > > > > > LEAVE A REVIEW
> > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > > DEPLOYMENT
> > > > > > GUIDES
> > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > deployment-guides&?gclid=ES2017>
> > > > > >  | BLOG <https://www.loadbalancer.org/
> ?category=blog&?gclid=ES2017
> > >
> > > > > >
> > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs at gmail.com> wrote:
> > > > > >
> > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> netmask
> > > > > support
> > > > > > in
> > > > > > > configuration, the default netmask is 255.255.255.255. I test
> > > default
> > > > > > > netmask, looks everything works fine.
> > > > > > >
> > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > 255.255.255.0?
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Linbo
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users at LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request at LinuxVirtualServer.org
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users at LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request at LinuxVirtualServer.org
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request at LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request at LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> > > Send requests to lvs-users-request at LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> > Send requests to lvs-users-request at LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>


More information about the lvs-users mailing list