ARP Issues in LVS/DR and LVS/TUN Clusters
Problems
In the LVS/DR and LVS/TUN clusters, we can see that the VIP address is shared by load balancer and all real servers. In order to make the LVS/DR and LVS/TUN clusters work, load balancer should broadcast the VIP address to accept incoming packets for virtual service, the real servers only use the VIP address to process the packets for VIP locally.
The ARP problem arises when real servers have one of their interfaces connected to the network that LVS/DR and LVS/TUN load balancer receives packets for VIP. For example, a LVS/DR or LVS/TUN cluster of the following topology needs to disable ARP for VIP address at real servers.
If we did not disable ARP for VIP address at real servers, there would be race condition in ARP response, then router might send requests for VIP to real servers directly instead of the load balancer. This would break the whole load balancing solution.
Solutions
- arptables
- The arp_announce/arp_ignore approach
- The hidden patch
- The redirect approach
- The policy routing approach
- The noarp module