Hello,
I don't see how my solution is broken by design. I see that
net.ipv4.ip_nonlocal_bind=1 is superior and widely used, so i'm using that
happily. But i still believe there's a bug or misdocumentation somewhere in
bind interface. Consider my setup: eth0: external ip address, used to ssh
On 2/12/13 7:32 AM, Cornelius Riemenschneider wrote:
The server is configured to listen to all traffic on eth1 to a specific port
(12340), so either traffic sent to its normal internal ip adress or to its VIP
address, in case keepalived assigned it to us will result in haproxy receiving
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to
the interface, not to bind to al ips which are bound to the interface at the
moment of starting haproxy. If that's really the case, the documentation of
bind interface could be improved.
Cornelius Riemenschneider
On 2/12/13 7:38 AM, Cornelius Riemenschneider wrote:
RE: Problems with 1.5-dev17 and bind to interface
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic
coming to the interface, not to bind to al ips which are bound to the
interface at the moment of starting haproxy. If
On Tue, Feb 12, 2013 at 12:38 PM, Cornelius Riemenschneider
c...@itscope.dewrote:
**
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic
coming to the interface, not to bind to al ips which are bound to the
interface at the moment of starting haproxy. If that's really the
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic
coming to the interface, not to bind to al ips which are bound to the
interface at the moment of starting haproxy. If that's really the case,
the documentation of bind interface could be improved.
I think you misunderstood
On Tue, Feb 12, 2013 at 07:42:08AM -0500, David Coulson wrote:
On 2/12/13 7:38 AM, Cornelius Riemenschneider wrote:
RE: Problems with 1.5-dev17 and bind to interface
Ah okay, I expected bind :*12340 interface eth1 to listen to traffic
coming to the interface, not to bind to al ips which
On Mon, Feb 11, 2013 at 1:45 PM, Cornelius Riemenschneider c...@itscope.de
wrote:
**
Hello,
We try to use haproxy for internal load balancing in a high availability
setup together with keepalived and a virtual ip on the internal NIC.
We don't want to expose our internal services to the
Thanks for your answers, that kernel setting did help me.
But nevertheless, bind interface seems to be buggy, isn't it?
Thanks,
Cornelius Riemenschneider
--
ITscope GmbH
Ludwig-Erhard-Alle 20
76131 Karlsruhe
Email: cornelius.riemenschnei...@itscope.de
https://www.itscope.com
frontend nodes
maxconn 2400
bind :12340 interface eth1
default_backend nodes
but portscans from another node in the internal network show that 12340 is
sometimes open, but most of the it is closed.
We believe this is a bug in haproxy.
Probably haproxy starts when the VIP
On Mon, Feb 11, 2013 at 5:20 PM, Cornelius Riemenschneider
c...@itscope.dewrote:
**
Thanks for your answers, that kernel setting did help me.
But nevertheless, bind interface seems to be buggy, isn't it?
Thanks,
For a basic keepalived.conf from here
11 matches
Mail list logo