Hello Julian,
On Fri, May 05, 2000 at 02:41:14PM +0300, Julian Anastasov wrote:
> > > 2. the real servers must not broadcast ARP requests with
> > > saddr=VIP because only the Director must announce VIP. For
> > > this the real servers must announce another IP as source
> > > address for the ARP request. I.e. requests such as "who-has
> > > ROUTER tell VIP" are allowed for the Director only. The
> > > real hosts must announce another visible (and uniq) IP
> > > address to the router or the reply will not be received.
> > > This can't be handled using a filter. This is a logic.
> >
> > You may easily implement it without any kernel modifications.
> > Check how ARP engine selects source address. In the current kernels it picks
> > up the address from the same network without "secondary" flag.
>
> LVS doesn't use autoselection. The change in the
What autoselection are you speaking about?
> autoselection is included only to cover the "hidden"
> functionality. The VIP is local address (we can talk IP) but
> it is not advertised. I think, the feature is very clear.
> Look in arp_solicit. We can set per-device flag if the src
> IP address in the header can be announced. This is the
> trick which is not present in the arpfilter functionality
> (Andi, I see, the hidden functionality is not replaced from
> arpfilter) nor in fib_local_source (route.generic). I.e. the
> feature to hide some local IP addresses by not including
> them in the ARP requests, addresses which are shared in the
> LAN. This feature covers such shared IP addresses. It can't
> be tuned at routing level, at least this will be more
> difficult: to disable some local addresses to be announced
> in the ARP requests.
I do not understand you well.
Are you speaking about the problem that you send packets with VIP source but
want to use different IP address in the ARP request headers?
Well, with route.generic patch you _are able_ to solve the problem by
introducing a policy route for packets with src=GW and dst=VIP and
dev=your_dev as a non-local route. But it's not elegant. I agree that we
should try to find a more clear way to do it.
[snip]
> > BTW, I fix the plain-and-dumb ARP source selection in my patch.
> > ftp://ftp.sw.com.sg/pub/Linux/people/saw/kernel/v2.3/route.generic
> > (look at arp.c changes).
>
> I see. May be the fib_local_source call will be
> replaced with arp_local_src? May be we have problem here? We
> need a way to skip some local addresses and not to announce
> them as source of the ARP request: the shared local
> addresses.
Are you suggesting to stop to use skb source for ARP requests and use only
inet_select_addr() or fib_select_addr() or dedicated "ARP request" addresses?
In general case it increases the ARP traffic on the link, but it's perfectly
ok for me if this behavior may be turned on and off.
Does Andi's filters plus this change of arp_solicit() policy solve all the
problems for you network configurations?
Best regards
Andrey V.
Savochkin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:19 EST