The DR model
DR core:
The response process does not go through the Director.
DR model highlights:
A. Only the Director may respond to the router's dynamic ARP broadcast requests for the VIP; the VIP on the RS must be prevented from communicating directly with the front-end router. There are 3 ways to achieve this:
1. Modify the router, using static ARP;
2. Use arptables on the RS to prohibit responses to ARP broadcast requests for the VIP;
3. Modify the kernel parameters on the RS and configure the VIP on an alias of an interface different from the one that carries the RIP.
B. When the Director forwards the message to the Real Server, the VIP must stay the target IP. The Director does the following to the message: it changes the target MAC to the Real Server's MAC, to ensure that the message is delivered to the Real Server.
C. Forcefully define the routing rules and explicitly tell Linux that, whenever the access target is the VIP, the source IP of the response must be the VIP.
D. When the response message is delivered from eth0 (RIP), the next hop must be the gateway of eth0.
Explanation of kernel parameters for tuning:
We generally modify kernel parameters to block the Real Server's ARP responses and announcements for the VIP. The process is explained as follows:
Background: a host has more than one network card, each in a different network segment, such as eth0:net0, eth1:net1, eth2:net2, ... If a host in the net0 segment initiates an ARP request, the host sends the IP and MAC of all of its NIC devices (eth0, eth1, eth2, ...) to net0. The requester now holds the IP and MAC of 3 devices (eth0: IP MAC, eth1: IP MAC, eth2: IP MAC) and believes it can communicate with all 3 IPs. In fact it can only communicate with the IP and MAC of the eth0 card inside net0; the IP and MAC of eth1 and eth2 are meaningless to the requester. How can the ARP request accurately find the address it can communicate with?
After kernels 2.4.26 and 2.6.4, 2 NIC device flags were introduced for tuning the working mode of the ARP stack: arp_ignore and arp_announce.
arp_ignore defines the response restriction level.
arp_announce defines the announcement restriction level.
For example:
Announcement: before the host accesses net 3.0
kernel: advertises device 1.1's IP and MAC together with device 3.1's IP and MAC
tell the kernel arp_announce=2: only device 3.1's IP and MAC are advertised
Announce only: the IP and MAC of that network card.
arp_ignore: when an ARP broadcast arrives from net 3.0
kernel: responds with device 1.1's IP and MAC together with device 3.1's IP and MAC
tell the kernel arp_ignore=1: responds only with device 3.1's IP and MAC
When an ARP request enters a NIC, respond only with the IP and MAC of the NIC it entered.
A device that declares arp_announce=2 and arp_ignore=1 to the kernel manages its own address, without other devices advertising it, so that ARP broadcasts can find an address for accurate communication.
LVS DR model for a public network address
Cons: a direct route is needed so that the request can reach the Internet.
LVS DR model for a public network address (VIP and RIP in the same network segment)
Of course this is the more commonly used setup: it saves the routing cost and also removes the load bottleneck caused by the router. Of course, the public IPs have to be paid for.
Planning: (192.168.195.0 is the network segment of my virtual machine gateway; it can reach the Internet freely, so it stands in for the public IPs here)
Real Server Configuration
Resolving ARP issues
Configure:
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
Specially configured for the interface lo (tell the kernel: I manage my own device, the rest of you stay out of it):
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
This address is not used to communicate; it is there so that responses to the client use the VIP as the source address (while the RS shields itself from answering requests for the VIP):
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
Define that messages whose destination address is the VIP leave through the device lo:0:
    /sbin/route add -host $VIP dev lo:0
Real Server 1:
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# ifconfig lo:0 192.168.195.150 broadcast 192.168.195.171 netmask 255.255.255.255 up
# route add -host 192.168.195.150 dev lo:0
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.195.150 0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.195.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.195.2   0.0.0.0         UG    0      0        0 eth0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:6f:42:49
          inet addr:192.168.195.171  Bcast:192.168.195.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe6f:4249/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:746 errors:0 dropped:0 overruns:0 frame:0
          TX packets:471 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:68969 (67.3 KiB)  TX bytes:53295 (52.0 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
lo:0      Link encap:Local Loopback
          inet addr:192.168.195.150  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
Real Server 2
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# route add -host 192.168.195.150 dev lo:0
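A check for the real-server ARP settings described above, as an added example that is not part of the original post. It relies on the kernel's documented rule that the effective arp_ignore / arp_announce for an interface is the larger of the conf/all and conf/<interface> values, so the values that count are those for the NIC that receives the router's ARP requests; the function names and the root-directory argument (which lets the check run against a constructed tree) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# root-directory argument are assumptions made for this illustration.

# Print the effective value of an ARP sysctl for one interface.
# The kernel applies max(conf/all/<name>, conf/<iface>/<name>).
effective_arp_setting() {
    local root="$1" iface="$2" name="$3" all_v if_v
    all_v=$(cat "$root/all/$name" 2>/dev/null) || return 2
    if_v=$(cat "$root/$iface/$name" 2>/dev/null) || return 2
    if [ "$all_v" -gt "$if_v" ]; then echo "$all_v"; else echo "$if_v"; fi
}

# Return 0 when <iface> (the NIC that receives the router's ARP requests)
# will neither answer ARP for a VIP held on lo:0 nor announce it.
check_dr_real_server() {
    local root="$1" iface="$2" ignore announce rc=0
    ignore=$(effective_arp_setting "$root" "$iface" arp_ignore) || return 2
    announce=$(effective_arp_setting "$root" "$iface" arp_announce) || return 2
    if [ "$ignore" -lt 1 ]; then
        echo "FAIL $iface: effective arp_ignore=$ignore (want >= 1)"; rc=1
    fi
    if [ "$announce" -lt 2 ]; then
        echo "FAIL $iface: effective arp_announce=$announce (want 2)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $iface: arp_ignore=$ignore arp_announce=$announce"
    fi
    return "$rc"
}

# Build a constructed conf tree: DIR, then arp_ignore/arp_announce pairs
# for all, lo and eth0 (sample data, not read from a real host).
make_tree() {
    local dir="$1"
    mkdir -p "$dir/all" "$dir/lo" "$dir/eth0"
    echo "$2" > "$dir/all/arp_ignore";  echo "$3" > "$dir/all/arp_announce"
    echo "$4" > "$dir/lo/arp_ignore";   echo "$5" > "$dir/lo/arp_announce"
    echo "$6" > "$dir/eth0/arp_ignore"; echo "$7" > "$dir/eth0/arp_announce"
}

demo=$(mktemp -d)
make_tree "$demo/all_and_lo" 1 2 1 2 0 0   # conf/all and conf/lo set
make_tree "$demo/lo_only"    0 0 1 2 0 0   # only conf/lo set
check_dr_real_server "$demo/all_and_lo" eth0 || true
check_dr_real_server "$demo/lo_only" eth0 || true
rm -rf "$demo"
# On a real server: check_dr_real_server /proc/sys/net/ipv4/conf eth0
```

The second constructed tree fails the check: values written only under conf/lo do not change how eth0 answers ARP, which is why the conf/all settings matter.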
Director Configuration
IPVS messages need to be forwarded, so enable ip_forward:
    echo 1 > /proc/sys/net/ipv4/ip_forward
Because the Director's VIP is used to provide the service, it must be configured on the egress NIC, and the Director also has a DIP, so you must define the route:
    /sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev eth0:1
Empty iptables to avoid conflicts, empty ipvsadm, and set the rules again:
    # iptables -F
    # iptables -Z
    # ipvsadm -Z
Provide the cluster service:
    /sbin/ipvsadm -A -t $VIP:80 -s wlc
Provide the real servers:
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g -w $RSWEIGHT1
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g -w $RSWEIGHT2
Director Configuration
# ipvsadm -A -t 192.168.195.150:80 -s wlc
# ipvsadm -a -t 192.168.195.150:80 -r 192.168.195.170 -g -w 1
# ipvsadm -a -t 192.168.195.150:80 -r 192.168.195.171 -g -w 2
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.195.150:80               5091    25495        0  1824257        0
  -> 192.168.195.170:80               1703     8534        0   612007        0
  -> 192.168.195.171:80               3388    16961        0  1212250        0