Using policy routing to disable ARP
Introduction
The classic TCP/IP routing algorithms used today make their routing decisions based only on the destination address of IP packets. However, we often find ourselves wanting to route IP packets depending not only on the destination addresses, but also on other packet fields such as the source address, the IP protocol, the transport protocol ports, or even data within the packet payload. This type of IP routing is referred to as "policy routing".
Disable ARP for VIP
Julian suggested to use the advanced policy routing approach to get around the ARP problem of the real servers in the LVS/DR and LVS/TUN clusters. For example, 172.26.20.118 is the VIP address, and the commands are as follows:
# Block access from the LAN to the real server's VIP. By # this way we ignore the router's ARP probes. The drawback: # we ignore the client's probes too. We have to do this # because the client on the LAN can receive replies from all # real servers ip rule add prio 99 from 172.26.20/24 table 99 ip route add table 99 blackhole 172.26.20.118
# Now accept locally any other traffic, i.e. not from # 172.26.20/24 ip rule add prio 100 table 100 ip route add table 100 local 172.26.20.118 dev lo
Policy routing is faster than the REDIRECT approach, but the client on the same LAN cannot access the virtual service on the VIP. The real servers ignore the traffic from the LAN to the VIP, in order to discard the ARP request for the VIP too.
