请教关于VS/TUN模式下ARP问题

Submitted by shydmoto on 周四, 2006-08-10 14:20

请教各位!
在VS/TUN模式中,RealServer上可否用Netfilter redirect技术?
我看文档(http://www.linuxvirtualserver.org/docs/arp.html)中提到如下:
*****
For VS/TUN clusters, you can simply configure tunl0 up so that the system can decapsulate ipip packets properly, then add the REDIRECT commands for VIPs.

For iptables in kernel 2.4, you can use it as follows:

iptables -t nat -A PREROUTING -p tcp -d --dport -j REDIRECT --to-port
*****

假设我的Director上的VIP是eth0:0(172.16.172.201/32),V-Port是80(HTTP服务)
我的RealServer的DIP在eth0上,是172.16.172.205/24

如果用iptables技术,该如何配置呢?文档中说"you can simply configure tunl0 up so that the system can decapsulate ipip packets properly",这是什么意思呢?tunl0是否还需要配置IP地址(VIP)?

另外,如过我的RealServer与Director不在同一个网络里,比如,Director在电信机房,VIP也是电信IP地址.而我的RealServer在网通机房,DIP是网通IP地址.这样的情况下该如何配置???

我看了LVS-HOWTO,还是有些疑问!请大家指教!!!

谢谢

Forums:

shydmoto

周四, 2006-08-10 14:25

VS/TUN模式,在Director和RealServer同一个子网中已经配置通过.
RealServer的ARP问题,是用arp_ignore和arp_announce这两个设备标记解决的,没有应用arp hidden补丁.

还是希望大家指教关于在LAN中如何在RealsServer上用iptables(Netfilter)解决.还有就是在WAN(Internet)环境中,如何配置VS/TUN模式,因为在LAN中,VS/TUN的意义应该不是很大,直接用VS/DR模式好了.呵呵

shydmoto

周五, 2006-08-11 05:06

:)

linuxcn.com

周一, 2006-08-14 02:28

我连在LAN中都没有配置成功过这个LVS/TUN呢

一直关注这个话题

为什么我用arp_ignore和arp_announce不能避免ARP的问题呢?

shydmoto,你能把你在LAN环境下的Direct机器和Realserver机器的LVS/TUN配置帖出来看看吗

谢谢

shydmoto

周一, 2006-08-14 06:08

****Director*****
DIP=172.16.172.200/24(Eth0)
VIP=172.16.172.201/32(Eth0:0)
*****RealServer(1&2)*****
RIP1=172.16.172.205/24(Eth0)
RIP2=172.16.172.203/24(Eth0)
VIP=172.16.172.201/32(Tunl0)

*****Director*****
# cat /etc/rc.local
/sbin/ifconfig eth0:0 172.16.172.201 netmask 255.255.255.255 broadcast 172.16.172.255 up
/sbin/route add -host 172.16.172.201 dev eth0:0
/sbin/ipvsadm -C
/sbin/ipvsadm -A -t 172.16.172.201:80 -s rr
/sbin/ipvsadm -a -t 172.16.172.201:80 -r 172.16.172.205 -i -w 1
/sbin/ipvsadm -a -t 172.16.172.201:80 -r 172.16.172.203 -i -w 1

*****RealServer*****
# cat /etc/rc.local
/sbin/modprobe ipip
/sbin/ifconfig tunl0 172.16.172.201 netmask 255.255.255.255 broadcast 172.16.172.201 up
/sbin/route add -host 172.16.172.201 dev tunl0
/bin/echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
/bin/echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
/bin/echo "1" > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
/bin/echo "2" > /proc/sys/net/ipv4/conf/tunl0/arp_announce
/bin/echo "0" > /proc/sys/net/ipv4/conf/tunl0/rp_filter