Absolutely, it's the standard real server configuration with sysctl arp tuning. Aa I said lvs2 doesn't know any mac of the real IP (arp -a empty) On 10 Jul 2015 12:58 am, "Jamie Dahl" <jam...@meatball.net> wrote:
> > So I am curious if you have made the following changes to your real > servers: > net.ipv4.conf.lo.arp_ignore=1 > net.ipv4.conf.lo.arp_announce=2 > net.ipv4.conf.all.arp_ignore=1 > net.ipv4.conf.all.arp_announce=2 > > What might be happening is lvs2 could be seeing the arp reply from the > servers for the VIP IP. The above settings will prevent internal/inside > traffic from bypassing your LVS cluster etc. > > > > > > > Hi list, > > > > I've a doubt about how connections to a VIP initiated on the same machine > > works. Let me explain with an example: > > I have 2 machines (lvs1 and lvs2) with keepalived (vrrp+LVS-DR). The > > cluster has a virtual server (10.0.1.1) with some real servers behind. > > lvs1 is the master and lvs2 is the backup. > > > > The strange thing I'm seeing and that I don't understand (at least as a > > feature) is that ig on lvs2 I try to connect to 10.0.1.1 > > it goes directly to the real servers without passing through lvs1. But > > 10.0.1.1 is not present on any lvs2 interfaces (ifconfig, ip addr) but > > only > > in the keepalived configuration. It's not even present in the ARP cache > > table. > > > > I was thinking that maybe, since it's known to LVS, this IP is somewhere > > in > > the ip_vs module and it's in earlier stage of the network stack, so any > > connection to it is handled by the LVS stack as if lvs2 were the MASTER. > > If > > I remove the virtual server from lvs2 keepalived, then a connection to > > 10.0.1.1 from lvs2 goes to the real servers through lvs1 as expected. > > > > Is this normal? Is this the expected behavior? If so, why? > > > > Thank you very much > > _______________________________________________ > > Please read the documentation before posting - it's available at: > > http://www.linuxvirtualserver.org/ > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > > Send requests to lvs-users-requ...@linuxvirtualserver.org > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > > > > > -- > > > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users