Re: arp, kernel 2.2.15 and 2.3.99-pre6

From: Julian Anastasov (uli@linux.tu-varna.acad.bg)
Date: Fri May 05 2000 - 00:47:31 EST


        Hello,
        
        You need more info about the hidden device usage.
Here it is. Later in this text LVS is Linux Virtual Server.
http://www.linuxvirtualserver.org

Here the feature usage is explained very well:

http://www.linuxvirtualserver.org/arp.html

        In essence the problem is: we have an IPv4 address
(VIP, Virtual IP) configured on many hosts on one LAN. This
can be a web cluster for example. All web hosts are "hidden"
on this LAN after a Director (on the same LAN). The clients
see only the Director and they send their packets to him.
But these replies are forwarded to the internal web server
and the answer is not returned through the Director, i.e.
this is the difference from the masquerading. The outgoing
traffic has its own path. The Director is not a default
gateway for the web servers. This setup is normal for such a
cluster:

                CLIENTS
                   |
                 ROUTER
                   |
             switched hub
            /      |      \
     Director    Web1    Web2 ...

The request: http://VIP/
client -> router -> director -> web1/web2 -> router -> client

This is the simplest variant. The more complex is using many
routers for the incoming and many routers for the outgoing
traffic.

The Director is just a router which forwards the incoming
requests to the real servers based on some policy:
scheduling methods.

We want:

1. only one to reply to the ARP requests for VIP, i.e. the
traffic to come to the Director and to be forwarded to one
of the real (internal) servers. If all hosts reply to the
Router's ARP broadcast requests we have a problem.

Filters? OK, the above can be handled using filters. Just
stop the ARP replies from the real servers.

2. the real servers must not broadcast ARP requests with
saddr=VIP because only the Director must announce VIP. For
this the real servers must announce another IP as source
address for the ARP request. I.e. requests such as "who-has
ROUTER tell VIP" are allowed for the Director only. The
real hosts must announce another visible (and unique) IP
address to the router or the reply will not be received.
This can't be handled using a filter. This is a logic.

        These are the minimum requirements from this
functionality for the LVS project. The LVS users hide "lo",
"dummy*" and even "tunl*". In fact, we want to hide IP
addresses, not devices.

        Other people put many NICs on the same switched hub
and want the ARP replies to exit from one device only. They
"hide" all eth devices. They report problems without this
functionality because the Linux 2.2 host replies on each
device. I can't comment on this.

Regards

--
Julian Anastasov <uli@linux.tu-varna.acad.bg>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
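
The two requirements in the message above can be verified from captured ARP frames. The following is an added example, not part of the original message or of the LVS code: it parses Ethernet/ARP frames and reports any host other than the Director that answers ARP for the VIP or sends an ARP request with the VIP as sender address. All IP addresses, MAC addresses and function names are constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
RULES = {ARP_REPLY: "answered ARP for VIP (requirement 1)",
         ARP_REQUEST: "sent ARP request with saddr=VIP (requirement 2)"}

def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame; used only to construct the sample input."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join("%02x" % b for b in frame[22:28])
    return op, sha, socket.inet_ntoa(frame[28:32])

def audit(frames, vip, director_mac):
    """List (frame index, sender MAC, reason) for hosts other than the Director that claim VIP."""
    findings = []
    for i, frame in enumerate(frames):
        op, sha, spa = parse_arp(frame) or (None, None, None)
        if spa == vip and sha != director_mac.lower() and op in RULES:
            findings.append((i, sha, RULES[op]))
    return findings

# Constructed sample: every address below is made up for this example.
VIP, ROUTER_IP, WEB1_IP = "192.0.2.10", "192.0.2.1", "192.0.2.11"
ROUTER, DIRECTOR, WEB1 = "02:00:00:00:00:01", "02:00:00:00:00:0d", "02:00:00:00:00:11"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(ARP_REQUEST, ROUTER, ROUTER_IP, ZERO, VIP),     # 0: router asks who-has VIP
    build_arp(ARP_REPLY, DIRECTOR, VIP, ROUTER, ROUTER_IP),   # 1: Director answers: expected
    build_arp(ARP_REPLY, WEB1, VIP, ROUTER, ROUTER_IP),       # 2: real server answers too
    build_arp(ARP_REQUEST, WEB1, VIP, ZERO, ROUTER_IP),       # 3: "who-has ROUTER tell VIP"
    build_arp(ARP_REQUEST, WEB1, WEB1_IP, ZERO, ROUTER_IP),   # 4: "who-has ROUTER tell WEB1"
]
```

Calling `audit(SAMPLE, VIP, DIRECTOR)` flags frames 2 and 3 only; frame 4 shows the allowed form, where the real server announces its own unique address.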


