Dear Graeme, On 6 February 2013 10:34, Graeme Fowler <gra...@graemef.net> wrote:
> My solution to this was to use the iptables MARK module to apply an > fwmark value to incoming traffic on the directors which is NOT from the > MAC address of the other director(s) in the system, and then setup the > LVS using the ipvsadm -f parameter to match those packets. > > This way the incoming packets from the upstream router are marked, but > those being sent from the other director are not. In turn, those from > the upstream router are then handled using LVS; those from the other > director are not. > We have this in place already, and in our case it does not work. It seems we have spurious packets somewhere in the system that trigger the packet flood. Note - the flood does not escalate - it just keeps bouncing the same packet back and forth, and at some stage that ping-ponging also stops. I am wondering whether in our case this is related to the bridge set-up, however I have not been able to find out how to track this down yet. Best regards Jan _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
