3.2.1. Direct Routing and arptables_jf

3.2.1. Direct Routing and arptables_jf

In order to configure direct routing using arptables_jf, each real server must have their virtual IP address configured, so they can directly route packets. ARP requests for the VIP are ignored entirely by the real servers, and any ARP packets that might otherwise be sent containing the VIPs are mangled to contain the real server's IP instead of the VIPs.

Using the arptables_jf method, applications may bind to each individual VIP or port that the real server is servicing. For example, the arptables_jf method allows multiple instances of Apache HTTP Server to be running bound explicitly to different VIPs on the system. There are also significant performance advantages to using arptables_jf over the iptables option.

However, using the arptables_jf method, VIPs can not be configured to start on boot using standard Red Hat Enterprise Linux system configuration tools.

To configure each real server to ignore ARP requests for each virtual IP addresses, perform the following steps:

  1. Create the ARP table entries for each virtual IP address on each real server (the real_ip is the IP the director uses to communicate with the real server; often this is the IP bound to eth0):

    arptables -A IN -d <virtual_ip> -j DROP
    arptables -A OUT -d <virtual_ip> -j mangle --mangle-ip-s <real_ip>
    

    This will cause the real servers to ignore all ARP requests for the virtual IP addresses, and change any outgoing ARP responses which might otherwise contain the virtual IP so that they contain the real IP of the server instead. The only node that should respond to ARP requests for any of the VIPs is the current active LVS node.

  2. Once this has been completed on each real server, save the ARP table entries by typing the following commands on each real server:

    service arptables_jf save

    chkconfig --level 2345 arptables_jf on

    The chkconfig command will cause the system to reload the arptables configuration on bootup — before the network is started.

  3. Configure the virtual IP address on all real servers using ifconfig to create an IP alias. For example:

    # ifconfig eth0:1 192.168.76.24 netmask 255.255.252.0 broadcast 192.168.79.255 up
    

    Or using the iproute2 utility ip, for example:

    # ip addr add 192.168.76.24 dev eth0
    

    As previously noted, the virtual IP addresses can not be configured to start on boot using the Red Hat system configuration tools. One way to work around this issue is to place these commands in /etc/rc.d/rc.local.

  4. Configure Piranha for Direct Routing. Refer to Chapter 4, Configuring the LVS Routers with Piranha Configuration Tool for more information.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.