I have a Barracuda load balancer and a VIP which in turn forwards to a cluster of servers. Each of these servers has the VIP added to the loopback interface as the load balancer is on direct server response.

I've been using this method for almost a couple years without a problem, however the other day I needed to add an additional IP address to the cluster/load balancer. I added the loopback interface before I put it on the load balancer.

The problem now is that if I try to go to public-ip-here:80 it works perfectly fine though, as if it's not a loopback? I can ssh to the ip and any other service as well. If I add it to my load balancer and try to forward it the way I am my other servers, it will connect directly to the server instead of using the load balancer as expected.

Here is an example of the interface with the actual public IP redacted:

lo:6      Link encap:Local Loopback  
          inet addr:123.123.123.123  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

I'm at a loss on how to fix this and Google has not been much help.

skrilled

1 Answer

Sounds like you are using DR (Direct Routing) mode and you need to handle the ARP problem. Your real server must not announce to the rest of the network that it owns the 123.123.123.123 VIP address. Different versions of Linux react in different ways. Take a look at page 69 of the loadbalancer.org manual: http://pdfs.loadbalancer.org/loadbalanceradministrationv7.pdf

ARP control is needed on ALL interfaces, i.e.:

    net.ipv4.conf.all.arp_ignore=1
    net.ipv4.conf.eth0.arp_ignore=1
    net.ipv4.conf.eth1.arp_ignore=1
    net.ipv4.conf.all.arp_announce=2
    net.ipv4.conf.eth0.arp_announce=2
    net.ipv4.conf.eth1.arp_announce=2

or you might find the iptables method easier:

    iptables -t nat -A PREROUTING -p tcp -d 123.123.123.123 -j REDIRECT
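
An added example, not part of the original answer: a shell function that audits a real server for the ARP sysctl values listed above and reports any interface where they are missing or different, which is the condition that lets the server answer ARP for the VIP itself. The function name `audit_dr_arp` and the sample sysctl dump are constructed for illustration; `eth0` and `eth1` are the interface names used in the answer.

```shell
#!/bin/sh
# Added example: audit the ARP sysctls from the answer on a DR real server.
# Reads "key = value" lines (the format `sysctl -a` prints) on stdin and
# reports every required key that is missing or has a different value.
# Usage on a live host: sysctl -a 2>/dev/null | audit_dr_arp eth0 eth1

audit_dr_arp() {
    # Arguments: interface names to check in addition to "all".
    input=$(cat)
    status=0
    for ifname in all "$@"; do
        for want in arp_ignore=1 arp_announce=2; do
            key="net.ipv4.conf.${ifname}.${want%%=*}"
            expected=${want#*=}
            # Extract the value for this exact key; accept "k=v" and "k = v".
            actual=$(printf '%s\n' "$input" | awk -F'=' -v k="$key" '
                { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
                $1 == k { print $2; exit }')
            if [ -z "$actual" ]; then
                echo "MISSING $key (want $expected)"
                status=1
            elif [ "$actual" != "$expected" ]; then
                echo "WRONG   $key = $actual (want $expected)"
                status=1
            fi
        done
    done
    return $status
}

# Constructed sample: a host where only "all" and eth0 were configured.
SAMPLE_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0'

printf '%s\n' "$SAMPLE_SYSCTL" | audit_dr_arp eth0 eth1 \
    || echo "ARP control incomplete on this real server"
```
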