no arp 的问题,有点模糊了

Submitted by peixubin on 周三, 2010-04-28 04:02

看下面的文字:
To disable ARP for VIP at real servers, we just need to set arp_announce/arp_ignore sysctls at the interface connected to the VIP network. For example, real servers have eth0 connected to the VIP network with the VIP at interface lo, we will have the following commands.

echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

意思是如果在realserver有个VIP配在lo上,那么arp_announce/arp_ignore应该配在VIP_NET的那个网卡上。但是我从网上的很多文章上都是说配置lo上的

Forums:

peixubin

周三, 2010-04-28 09:04

而且这个noarp的VIP也很怪,我在同网段ping不通,但是其他网段却能ping通

changtailiang

周五, 2010-05-07 05:32

不知道您是否弄清楚lo的作用是什么?您所谓同网段ping不通的时候源地址和目标地址都是哪些机器?

peixubin

周日, 2010-05-09 03:07

1.假设我的一台real server在eth0上地址为192.168.2.1,我在lo上配置noarp的vip:192.168.2.3时,应该是
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
还是
net.ipv4.conf.eth0.arp_ignore=1
net.ipv4.conf.eth0.arp_announce=2

2.ping的问题已经清楚,和交换机的arp cache有关

asram

周日, 2010-05-23 01:44

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p
也推荐在realserver上使用arptables
arptables -F
arptables -A IN -d $VIP -j DROP
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP

peixubin

周三, 2010-05-26 10:40

请看下面的链接:http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP