Re: Direct Server Return and FreeBSD 5
John David Duncan wrote: > There's a load balancing configuration known as direct server return > (DSR), in which packets pass from the client through the load balancer to > the server, but then the replies from the server go directly to the client > (bypassing the load balancer). The way this works is that the load > balancer sends the server an IP packet with the virtual IP address as its > destination addr, inside an ethernet frame whose destination is the real > MAC addr of the server. The server replies with a normal packet using the > VIP as the source addr. > > The usual way to configure a BSD box to work this way is to bring up the > VIP as an alias on the loopback address, like this: >ifconfig lo0 add 1.2.3.4 netmask 0xff00 > > As far as I can tell from my testing, this trick just doesn't work on my > box running -CURRENT. In tcpdump I see packets coming in but none > going out. > > Does anybody know why, or what I would have to do to change the behavior? Rather than actually fixing the routing code, FreeBSD did a hack to save the inbound route for outbound responses, do the response goes out on the same interface the request came in on. It does not check for equivalency, when it does this. See the discussion in the -current list archives, a month or so ago. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Direct Server Return and FreeBSD 5
You need to set net.inet.ip.check_interface=0 John David Duncan ([EMAIL PROTECTED]) wrote: > > There's a load balancing configuration known as direct server return > (DSR), in which packets pass from the client through the load balancer to > the server, but then the replies from the server go directly to the client > (bypassing the load balancer). The way this works is that the load > balancer sends the server an IP packet with the virtual IP address as its > destination addr, inside an ethernet frame whose destination is the real > MAC addr of the server. The server replies with a normal packet using the > VIP as the source addr. > > The usual way to configure a BSD box to work this way is to bring up the > VIP as an alias on the loopback address, like this: >ifconfig lo0 add 1.2.3.4 netmask 0xff00 > > As far as I can tell from my testing, this trick just doesn't work on my > box running -CURRENT. In tcpdump I see packets coming in but none > going out. > > Does anybody know why, or what I would have to do to change the behavior? > > - JD > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-current" in the body of the message -- Paul Saab Technical Yahoo [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] Do You .. uhh .. Yahoo!? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Direct Server Return and FreeBSD 5
There's a load balancing configuration known as direct server return (DSR), in which packets pass from the client through the load balancer to the server, but then the replies from the server go directly to the client (bypassing the load balancer). The way this works is that the load balancer sends the server an IP packet with the virtual IP address as its destination addr, inside an ethernet frame whose destination is the real MAC addr of the server. The server replies with a normal packet using the VIP as the source addr. The usual way to configure a BSD box to work this way is to bring up the VIP as an alias on the loopback address, like this: ifconfig lo0 add 1.2.3.4 netmask 0xff00 As far as I can tell from my testing, this trick just doesn't work on my box running -CURRENT. In tcpdump I see packets coming in but none going out. Does anybody know why, or what I would have to do to change the behavior? - JD To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
