[Keepalived-devel] dedicated lvs_sync_daemon interface - two directors not communicating
Status: Beta
Brought to you by:
acassen
Menu
▾
▴
[Keepalived-devel] dedicated lvs_sync_daemon interface - two directors not communicating
|
From: Vinnie <lis...@lv...> - 2003-07-29 08:12:07
|
Hello all, Have been trying to make my two keepalived LVS-NAT directors communicate with each other for IPVS connection synchronization on dedicated interfaces, not having much luck. Should preface this with the fact that I am still running keepalived 1.0.3 and IPVS v1.0.7. My previous setup, which works, was to have the internal (DMZ) interface of each keepalived director being used as the lvs_sync_daemon_interface, and this worked fine, the two directors can communicate, and when the director that is supposed to be the master is "up", it is in charge, and the one that is supposed to be the backup "kicks in" if the master box goes down - and connections are synchronized between them. However, with the third NIC in each box, connected direct via crossover cable, and keepalived configured to use this 3rd NIC as the lvs_sync_daemon interface, they are obviously not communicating. I have connectivity between machines on the 3rd interface, can ping one from the other, etc., but if I have keepalived running on both boxes, they both act as MASTER boxes, both are trying to have all the VIP's and routes, and things are generally not-so-good. ;) Is there something special I should be doing to have a dedicated IPVS connection sync interface in each keepalived director? I have verified that my firewall rules are not blocking multicast input or output on the 3rd interface, and also that I am allowing protocol 112 in and out. It just really looks to me like either keepalived or IPVS insists on using the other interfaces. By the way, I can confirm via my firewall logs that keepalived DOES leak multicast traffic out on the other interfaces. I have to have firewall rules to stop this traffic from leaking out of my external and DMZ interfaces, and what's worse, the source address of this traffic trying to leak out on these other interfaces is the internal IP addr of the sync interface... If any/all of these problems are corrected in newer keepalived releases please advise, I've been looking at the changelogs... thanks, vinnie |
