Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION Installation Guide Page 31

To configure each real server to ignore ARP requests for each virtual IP address, perform the
following steps:
1. Create the ARP table entries for each virtual IP address on each real server (the real_ip is the IP
the director uses to communicate with the real server; often this is the IP bound to eth0):
arptables -A IN -d <virtual_ip> -j DROP
arptables -A OUT -d <virtual_ip> -j mangle --mangle-ip-s <real_ip>
This will cause the real servers to ignore all ARP requests for the virtual IP addresses, and
change any outgoing ARP responses which might otherwise contain the virtual IP so that they
contain the real IP of the server instead. The only node that should respond to ARP requests for
any of the VIPs is the current active LVS node.
2. Once this has been completed on each real server, save the ARP table entries by typing the
following commands on each real server:
service arptables_jf save
chkconfig --level 2345 arptables_jf on
The chkconfig command will cause the system to reload the arptables configuration on bootup
— before the network is started.
3. Configure the virtual IP address on all real servers using ifconfig to create an IP alias. For
example:
# ifconfig eth0:1 192.168.76.24 netmask 255.255.252.0 broadcast 192.168.79.255 up
Or using the iproute2 utility ip, for example:
# ip addr add 192.168.76.24 dev eth0
As previously noted, the virtual IP addresses cannot be configured to start on boot using the Red
Hat system configuration tools. One way to work around this issue is to place these commands in
/etc/rc.d/rc.local.
4. Configure Piranha for Direct Routing. Refer to Chapter 4, Configuring the LVS Routers with
Piranha Configuration Tool for more information.
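Steps 1 to 3 above, as an added shell example that is not part of the Red Hat guide: the hypothetical helper lvs_dr_commands prints the commands for one real server and any number of VIPs after validating the addresses. It refuses a VIP equal to the real IP, since an ARP DROP rule for that address would cut the server off from the director; it only prints, nothing is executed.

```sh
#!/bin/sh
# Added example, not from the Red Hat guide: print (do not run) the
# commands from steps 1-3 for one real server and a list of VIPs.

# Succeeds if $1 is a dotted-quad IPv4 address, octets 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: lvs_dr_commands <iface> <real_ip> <virtual_ip>...
lvs_dr_commands() {
    [ "$#" -ge 3 ] || { echo "usage: lvs_dr_commands <iface> <real_ip> <virtual_ip>..." >&2; return 2; }
    iface=$1; real_ip=$2; shift 2
    case "$iface" in ""|*[!A-Za-z0-9:._-]*) echo "invalid interface: $iface" >&2; return 1 ;; esac
    is_ipv4 "$real_ip" || { echo "invalid real_ip: $real_ip" >&2; return 1; }
    # Validate everything first so a bad argument yields no partial output.
    for vip in "$@"; do
        is_ipv4 "$vip" || { echo "invalid virtual_ip: $vip" >&2; return 1; }
        # A DROP rule for the real IP would stop this server answering ARP
        # for the address the director uses to reach it.
        [ "$vip" != "$real_ip" ] || { echo "virtual_ip equals real_ip: $vip" >&2; return 1; }
    done
    for vip in "$@"; do      # step 1
        echo "arptables -A IN -d $vip -j DROP"
        echo "arptables -A OUT -d $vip -j mangle --mangle-ip-s $real_ip"
    done
    echo "service arptables_jf save"               # step 2
    echo "chkconfig --level 2345 arptables_jf on"
    for vip in "$@"; do      # step 3; these lines also go in /etc/rc.d/rc.local
        echo "ip addr add $vip dev $iface"
    done
}

# When run as a script with arguments, print the commands for them.
if [ "$#" -gt 0 ]; then lvs_dr_commands "$@"; fi
```

Review the printed commands, then run them as root on the real server; 192.168.76.10 in a call such as `lvs_dr_commands eth0 192.168.76.10 192.168.76.24` is a constructed real IP.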
3.2.2. Direct Routing and iptables
You may also work around the ARP issue using the direct routing method by creating iptables firewall
rules. To configure direct routing using iptables, you must add rules that create a transparent proxy
so that a real server will service packets sent to the VIP address, even though the VIP address does not
exist on the system.
The iptables method is simpler to configure than the arptables_jf method. This method also
circumvents the LVS ARP issue entirely, because the virtual IP address(es) only exist on the active LVS
director.
However, there are performance issues using the iptables method compared to arptables_jf, as
there is overhead in forwarding/masquerading every packet.
You also cannot reuse ports using the iptables method. For example, it is not possible to run two
separate Apache HTTP Server services bound to port 80, because both must bind to INADDR_ANY
instead of the virtual IP addresses.
To configure direct routing using the iptables method, perform the following steps:
Red Hat Enterprise Linux 4 Virtual Server Administration