sstanaitis at dpsource
Apr 15, 2011, 7:48 AM
Post #1 of 1
[lvs-users] Checkpoint R75 Cluster in front of LVS/KeepaliveD problem.

I've done some searching through the archives but haven't seen this
exact problem encountered yet.

I have a working Keepalived/LVS based load balancer configured on my LAN
which is balancing HTTP, HTTPS, and DNS traffic. The system is FC11
based, running kernel 18.104.22.168, Keepalived v1.1.17, and IP Virtual
Server 1.2.1. On the border of that subnet is a Checkpoint UTM-1 R75
based cluster. The problem I encounter also existed with Checkpoint

All the systems in the subnet communicate with a virtual cluster
interface on the Checkpoint. When the cluster has a failover event, the
secondary/standby member will assume the active role automatically, and
send out a GARP that updates the virtual cluster interface MAC address
to reflect its own physical interface's MAC address.

All of the systems in the subnet will then update their ARP tables and
continue to communicate with the Checkpoint cluster via the same IP but
new MAC. The problem is that the load balancer stops communicating, and
its ARP table still shows the MAC address of the primary cluster member
paired with the IP of the virtual cluster interface. When this occurs I
have to clear the ARP table on the load balancer as well as restart
Keepalived for the traffic flow to resume.

Beyond implementing a hack that clears the ARP tables in the event that
the balancer cannot communicate with the virtual interface of the
cluster due to a failover - is there some way to make it so the load
balancer accepts the GARP and recognizes the change?
Decorative Product Source, Inc.
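
Added example, not part of the original post: a Python check that parses a gratuitous ARP frame and compares it with a /proc/net/arp snapshot, to confirm the stale-entry condition described above. The frame, the MAC addresses, the address 192.0.2.1 and the interface eth0 are constructed sample values, not taken from the poster's network.

```python
import struct

def parse_garp(frame: bytes):
    """Return (ip, mac) if the Ethernet frame is a gratuitous ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None                                         # not Ethernet/IPv4 ARP
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    if spa != tpa:                   # gratuitous ARP: sender IP == target IP
        return None
    return ".".join(map(str, spa)), ":".join(f"{b:02x}" for b in sha)

def arp_cache(proc_text: str):
    """Parse the text of /proc/net/arp into {ip: mac}."""
    table = {}
    for line in proc_text.splitlines()[1:]:                 # skip header row
        fields = line.split()
        if len(fields) >= 6:
            table[fields[0]] = fields[3].lower()
    return table

def stale_entry(frame: bytes, proc_text: str):
    """Return (ip, cached_mac, announced_mac) if the cache disagrees with the GARP."""
    garp = parse_garp(frame)
    if garp is None:
        return None
    ip, announced = garp
    cached = arp_cache(proc_text).get(ip)
    return (ip, cached, announced) if cached and cached != announced else None

# Constructed sample data: virtual cluster IP and the two cluster members' MACs.
VIP = bytes([192, 0, 2, 1])
ACTIVE, STANDBY = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE_GARP = (b"\xff" * 6 + STANDBY + b"\x08\x06"
               + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
               + STANDBY + VIP + b"\xff" * 6 + VIP)
SAMPLE_PROC_ARP = (
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.0.2.1        0x1         0x2         02:00:00:00:00:01     *        eth0\n")

if __name__ == "__main__":
    print(stale_entry(SAMPLE_GARP, SAMPLE_PROC_ARP))
```

On a live balancer the second argument would be the contents of /proc/net/arp read after the failover, and the frame would come from a packet capture taken on the interface facing the cluster.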