I found this recent and comprehensive documentation that is missing one important thing. It tells that we need add a VIP, but to what? I have machines that have 2 ethernet cards. On are on an internal subnet 172.21.4.32 and so on, and the others go though the router to the outside: 66.124.8.1 and so on. When it says "set up a VIP" and that it can be "pinged from the outside" I am totally lost. Do I do an ifconfig on eth0:1 or something like that? What ip address should I use? If I make it part of the internal network, then I can't get to it from the outside, if I make it part of the external, then the machines inside can't see it. HELP!!
Don ([email protected]) Adding the VIP to the load balancer requires no special configuration apart from adding a virtual address. In part two of this article series, the heartbeat program will be adding and removing this address as a configured “resource,” but at present you will configure it manually. It is important that you set up the VIP in such a way that the default route out of the machine is still via the primary address (the RIP). This is done by defining the subnet mask to be 255.255.255.255 (32 in CIDR notation). Set it up as an additional address on |eth0|. When adding the VIP to the nodes, it is essential that the IP address is unresolvable to the network via ARP. If it were, the load balancer would become unreachable. In order to hide the address, you need to set some kernel “sysctl” parameters by editing |/etc/sysctl.conf|. Look in your distribution’s documentation to confirm this file is not auto-generated from other files or by a configuration utility. Set the following parameters: [3 <http://tag1consulting.com/Scalable_Linux_Clusters_with_LVS_Part_I#3>] |net.ipv4.conf.all.arp_ignore = 1| |net.ipv4.conf.all.arp_announce = 2| This ensures that interfaces will only answer ARP requests for IP addresses that belong to them, as opposed to all IP addresses on the machine. For example, if the VIP is a virtual address on the loopback device (|lo|), then the RIP (|eth0|) will not advertise it. Run |sysctl -p| as root, or, if you are familiar with it, use the |/proc/sys/| interface to set these values. Now that you have set these parameters, you may add the VIP to |lo|. This will be similar to configuring the VIP on the load balancer, except that the addiional address is for |lo|, not |eth0|. Again, ensure that the netmask of the address is 255.255.255.255. Time to test. The service you are running on the nodes must be configured to listen on both the RIP and VIP addresses. Assuming your firewall policy allows pings, you should still be able to ping the RIP of each node from a third-party machine unrelated to the load balancer setup. Next, try pinging the RIP of each node from the load balancer; connectivity to the node from the load balancer will be necessary once you configure the load balancers to check the nodes for availability. Lastly, pinging the VIP from off-network should result in a response from the load balancer. _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
