20th March 2009, 23:45
Tenebris
Re: Loopback alias

I'm using CentOS 5 and I was following a tutorial out of several pages:

First, the O'Reilly Book, Linux System Administrator's Guide, under the chapter for load balancers.
Second,, which followed pretty much the same logic.

I even used the "correction" script from that was supposed to solve the loopback alias problem...
Except the "correction" script locks out everything once it tries to raise the loopback alias. Also, the correction script wants an executable that doesn't exist: /etc/ha.d/rc.d/arptables-noarp-addr_takeip. (I did a yum search for arptables and ended up installing arptables_jf, but that didn't install such an executable either.)

I've tried experimenting with different configurations out of, including changing gate to masq and (gasp!) ipip.

I'm pretty sure my sysctl settings are correct, but here they are:
On my load balancer:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

...and on my nodes:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2

...and my LB's is as follows:
real= gate
real= gate
receive="I'm alive!"

There is an "ldirectord.html" on each of the nodes that is successfully acknowledged... if the node is not running with a loopback alias. If I do set my node's loopback alias as follows:
ifconfig lo:0 netmask
...the node stops responding to the load balancer. However, I can still hit the node from anywhere else except the load balancer.

If I take the loopback alias down on the nodes, ldirectord says it can see the nodes, but any attempt to hit the virtual IP now times out.