so that begs a good question. why does keepalived/ipvs not take into accoun the loopback during healthchecking?
this was pounded out on my iPhone and i have fat fingers plus two left thumbs :) > On Aug 19, 2015, at 06:51, Alex Lopez <alxm...@gmail.com> wrote: > > if u are using direct return , how about the loopback addition to the real > servers ? > > > >> On Tue, Aug 18, 2015 at 10:44 PM, Jamie Dahl <jam...@meatball.net> wrote: >> >> so yah, i've always seen the following settings applied to >> /etc/sysctl.conf on linux hosts that are behind DR/DSR vips: >> net.ipv4.conf.lo.arp_ignore=1 >> net.ipv4.conf.lo.arp_announce=2 >> net.ipv4.conf.all.arp_ignore=1 >> net.ipv4.conf.all.arp_announce=2 >> [jdahl@proxy-3-edge ~]$ >> >> however after reading yoru email again, I'm not thinking this is the issue. >> >> I assume you are allowing a permit in iptables to the VIP IP on the real >> servers? >> >> >> >> > >> > Hello, >> > >> > I just configured an environment of two LVS servers with three real >> > servers, and it works fine ... in the same network. When we try to >> > access the web server through the virtual IP from another network, >> > suddenly it doesn't work, this noted in the fact that we can't access >> > the VIP, but it still works in the same network. But, if I shutdown one >> > of the servers, it works perfectly. >> > >> > My configuration is Direct Routing. My doubt is in the ARP >> > configuration. I read on section 6.8 at >> > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html >> > that the following commands must be executed to properly configure >> > arptables on every real server: >> > >> > # arptables -A IN -d $VIP -j DROP >> > # arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP >> > >> > >> > But looking at RedHat documentation (I'm working with RHEL servers) >> > mentions on section 3.2.1 at >> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Virtual_Server_Administration/s1-lvs-direct-VSA.html#s2-lvs-direct-arptables-VSA >> > that the configuration to use is: >> > >> > arptables -A IN -d <virtual_ip> -j DROP >> > arptables -A OUT -d <virtual_ip> -j mangle --mangle-ip-s <real_ip> >> > >> > >> > So ... Austintek uses the VIP as a source on the OUT chain, but RedHat >> > uses it as a destiny. Can anyone tell me what is the right >> > configuration? And could it be the cause of my problem, not being able >> > to access my balancers with three real servers from outside the network? >> > Funny thing is, both configurations seem to work the same way, which one >> > is correct? >> > >> > Thanks in advance. >> > >> > Israel. >> > >> > >> > _______________________________________________ >> > Please read the documentation before posting - it's available at: >> > http://www.linuxvirtualserver.org/ >> > >> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org >> > Send requests to lvs-users-requ...@linuxvirtualserver.org >> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users >> > >> >> >> -- >> >> >> >> _______________________________________________ >> Please read the documentation before posting - it's available at: >> http://www.linuxvirtualserver.org/ >> >> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org >> Send requests to lvs-users-requ...@linuxvirtualserver.org >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users