Does Red Hat support running an LVS router and a real server on the same system?
Issue
- It is technically possible to run an LVS router and an LVS real server on the same system (for example in a two-node configuration).
- Is such a configuration supported by Red Hat?
Environment
- Red Hat Enterprise Linux
- Linux Virtual Server (LVS)
Resolution
No, Red Hat does not provide support for such a configuration. Red Hat only provides support for LVS configurations that have a dedicated LVS router node.
Root Cause
There are grave pitfalls associated with a configuration where the LVS router and an LVS real server run on the same system, both with the NAT routing approach and with the direct routing approach.
NAT Routing
Piranha configures the NAT router IP address on a secondary Ethernet interface on the director. This IP address is then used by the real servers as the default gateway.
If only two nodes are running LVS, then the secondary Ethernet interface on the node acting as the director will be used as the default gateway for all real servers. However, since the LVS router itself is also set up as a real server, it will also need to configure its own secondary Ethernet interface as its default gateway. This would cause a routing loop, and response packets from the real servers would never leave the LVS cluster (more specifically, the node acting as the director).
Direct Routing
This method requires that the LVS router and real servers are all attached to the same network segment. The LVS router forwards incoming requests to the real servers, which then directly route a response to the client. This is achieved by assigning a virtual IP address to the LVS router and each of the real servers on the network segment on a secondary Ethernet interface. Since the same IP address is assigned to the LVS router and all real servers, and since they are all on the same domain, the real servers have to be configured not to respond to ARP requests for the virtual address. This ensures that the only ARP responses to the virtual IP address come from the LVS router. This is achieved using arptables to drop ARP requests coming into each of the real servers.
If only two nodes are running LVS, then each of them must be configured not to respond to ARP requests for the virtual IP address. However, since one of those nodes is also configured as the LVS router, it must be able to respond to ARP requests. This creates a conflict of requirements.
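One way to check whether a node is acting as both LVS router and real server, shown as an added example that is not Red Hat's own tooling: it compares the real-server addresses in `ipvsadm -Ln` output with the node's own addresses. The function names are hypothetical, the sample outputs and addresses are constructed, and only IPv4 is handled.

```python
import re

# Constructed sample output of `ipvsadm -Ln` (not from the article): a two-node
# direct-routing setup where the director 192.0.2.10 is also listed as a real server.
IPVSADM_LN = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.100:80 wlc
  -> 192.0.2.10:80                Route   1      0          0
  -> 192.0.2.11:80                Route   1      0          0
"""

# Constructed, trimmed sample output of `ip -o -4 addr show` on the same node.
IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.100/24 brd 192.0.2.255 scope global secondary eth0:1
"""

def local_addresses(ip_addr_output):
    """IPv4 addresses configured on this node."""
    return set(re.findall(r"\binet (\d+\.\d+\.\d+\.\d+)/", ip_addr_output))

def parse_ipvs_table(ipvsadm_output):
    """Return [(virtual_service, real_server_ip, forward_method), ...]."""
    entries, service = [], None
    for line in ipvsadm_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] in ("TCP", "UDP", "FWM"):
            service = fields[1]          # start of a virtual service block
        elif len(fields) >= 3 and fields[0] == "->" and service:
            # The column header also starts with "->" but precedes any service.
            entries.append((service, fields[1].rsplit(":", 1)[0], fields[2]))
    return entries

def colocated_real_servers(ipvsadm_output, ip_addr_output):
    """Real-server entries that point back at this node (router == real server)."""
    local = local_addresses(ip_addr_output)
    # Some ipvsadm versions print "Local" as the forward method for such entries.
    return [e for e in parse_ipvs_table(ipvsadm_output)
            if e[1] in local or e[2] == "Local"]

if __name__ == "__main__":
    for service, rip, fwd in colocated_real_servers(IPVSADM_LN, IP_ADDR):
        print(f"unsupported: {rip} is a real server for {service} ({fwd}) on the router itself")
```

An empty result means no real server in the IPVS table resolves to the router's own addresses, which matches the dedicated-router layout the article describes as supported.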