Mailing List Archive

[lvs-users] netmask for vip?
If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support in
configuration, the default netmask is 255.255.255.255. I test default
netmask, looks everything works fine.

So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?

Thanks,
Linbo
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Hi Linbo,

I assume you mean on the loopback adapter? If so then use a 255.255.255.255
or /32 for safety, not all OS's may need it as there can be many ways to
make it not respond to ARP, however, this also helps as you are telling the
OS it's a single address.

Or do you mean the "netmask" in the ldirectord config which affects
persistence? When this is at the default of 255.255.255.255 persistence
will work per source address so 192.168.0.10 and 192.168.0.11 would get
stuck to different servers. If you set 255.255.255.0 then they would both
hit the same server as persistence would work by subnet so the whole
192.168.0.0/24 subnet would be stuck to the first server.

Hope that's relevant to your question and makes sense...


Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
| BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:

> If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support in
> configuration, the default netmask is 255.255.255.255. I test default
> netmask, looks everything works fine.
>
> So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?
>
> Thanks,
> Linbo
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Sorry I miss the detailed information.

I mean the netmask of VIP in LVS director. LVS use keepalived to do HA.
Will vip netmask in LVS director affect the persistence ?

2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:

> Hi Linbo,
>
> I assume you mean on the loopback adapter? If so then use a 255.255.255.255
> or /32 for safety, not all OS's may need it as there can be many ways to
> make it not respond to ARP, however, this also helps as you are telling the
> OS it's a single address.
>
> Or do you mean the "netmask" in the ldirectord config which affects
> persistence? When this is at the default of 255.255.255.255 persistence
> will work per source address so 192.168.0.10 and 192.168.0.11 would get
> stuck to different servers. If you set 255.255.255.0 then they would both
> hit the same server as persistence would work by subnet so the whole
> 192.168.0.0/24 subnet would be stuck to the first server.
>
> Hope that's relevant to your question and makes sense...
>
>
> Aaron West
>
> Loadbalancer.org
> www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
>
> <https://plus.google.com/+LoadbalancerOrg>
> <https://twitter.com/loadbalancerorg>
> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> <https://www.loadbalancer.org/?category=company&post-name=
> overview&?gclid=ES2017>
> <https://www.loadbalancer.org/?gclid=ES2017>
> +1 888 867 9504 / +44 (0)330 380 1064
> aaron@loadbalancer.org
>
> LEAVE A REVIEW
> <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> DEPLOYMENT
> GUIDES
> <https://www.loadbalancer.org/?category=resources&post-name=
> deployment-guides&?gclid=ES2017>
> | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
>
> On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
>
> > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support
> in
> > configuration, the default netmask is 255.255.255.255. I test default
> > netmask, looks everything works fine.
> >
> > So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?
> >
> > Thanks,
> > Linbo
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Linbo,

Yes, I believe it will be exactly the same, sorry for referencing
Ldirectord it's just what I'm used to using.

Did a quick google to verify my thoughts and this page backs me up as well
as being a nice read in itself:
http://www.ducea.com/2008/06/16/lvs-persistence/

Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
| BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:

> Sorry I miss the detailed information.
>
> I mean the netmask of VIP in LVS director. LVS use keepalived to do HA.
> Will vip netmask in LVS director affect the persistence ?
>
> 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
>
> > Hi Linbo,
> >
> > I assume you mean on the loopback adapter? If so then use a
> 255.255.255.255
> > or /32 for safety, not all OS's may need it as there can be many ways to
> > make it not respond to ARP, however, this also helps as you are telling
> the
> > OS it's a single address.
> >
> > Or do you mean the "netmask" in the ldirectord config which affects
> > persistence? When this is at the default of 255.255.255.255 persistence
> > will work per source address so 192.168.0.10 and 192.168.0.11 would get
> > stuck to different servers. If you set 255.255.255.0 then they would both
> > hit the same server as persistence would work by subnet so the whole
> > 192.168.0.0/24 subnet would be stuck to the first server.
> >
> > Hope that's relevant to your question and makes sense...
> >
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@loadbalancer.org
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
> >
> > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask
> support
> > in
> > > configuration, the default netmask is 255.255.255.255. I test default
> > > netmask, looks everything works fine.
> > >
> > > So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?
> > >
> > > Thanks,
> > > Linbo
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
I am not sure.

If I configure vip netmask, and use `ip a` it will print vip with netmask
information. But `-M netmask` is show in `ipvsadm -Ln`.

I think there are different thing.

Thanks,
Linbo


2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:

> Linbo,
>
> Yes, I believe it will be exactly the same, sorry for referencing
> Ldirectord it's just what I'm used to using.
>
> Did a quick google to verify my thoughts and this page backs me up as well
> as being a nice read in itself:
> http://www.ducea.com/2008/06/16/lvs-persistence/
>
> Aaron West
>
> Loadbalancer.org
> www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
>
> <https://plus.google.com/+LoadbalancerOrg>
> <https://twitter.com/loadbalancerorg>
> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> <https://www.loadbalancer.org/?category=company&post-name=
> overview&?gclid=ES2017>
> <https://www.loadbalancer.org/?gclid=ES2017>
> +1 888 867 9504 / +44 (0)330 380 1064
> aaron@loadbalancer.org
>
> LEAVE A REVIEW
> <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> DEPLOYMENT
> GUIDES
> <https://www.loadbalancer.org/?category=resources&post-name=
> deployment-guides&?gclid=ES2017>
> | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
>
> On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
>
> > Sorry I miss the detailed information.
> >
> > I mean the netmask of VIP in LVS director. LVS use keepalived to do HA.
> > Will vip netmask in LVS director affect the persistence ?
> >
> > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> >
> > > Hi Linbo,
> > >
> > > I assume you mean on the loopback adapter? If so then use a
> > 255.255.255.255
> > > or /32 for safety, not all OS's may need it as there can be many ways
> to
> > > make it not respond to ARP, however, this also helps as you are telling
> > the
> > > OS it's a single address.
> > >
> > > Or do you mean the "netmask" in the ldirectord config which affects
> > > persistence? When this is at the default of 255.255.255.255 persistence
> > > will work per source address so 192.168.0.10 and 192.168.0.11 would get
> > > stuck to different servers. If you set 255.255.255.0 then they would
> both
> > > hit the same server as persistence would work by subnet so the whole
> > > 192.168.0.0/24 subnet would be stuck to the first server.
> > >
> > > Hope that's relevant to your question and makes sense...
> > >
> > >
> > > Aaron West
> > >
> > > Loadbalancer.org
> > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > >
> > > <https://plus.google.com/+LoadbalancerOrg>
> > > <https://twitter.com/loadbalancerorg>
> > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > <https://www.loadbalancer.org/?category=company&post-name=
> > > overview&?gclid=ES2017>
> > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > +1 888 867 9504 / +44 (0)330 380 1064
> > > aaron@loadbalancer.org
> > >
> > > LEAVE A REVIEW
> > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > DEPLOYMENT
> > > GUIDES
> > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > deployment-guides&?gclid=ES2017>
> > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > >
> > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
> > >
> > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask
> > support
> > > in
> > > > configuration, the default netmask is 255.255.255.255. I test default
> > > > netmask, looks everything works fine.
> > > >
> > > > So what's the proper netmask for vip, 255.255.255.255 or
> 255.255.255.0?
> > > >
> > > > Thanks,
> > > > Linbo
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Linbo,

Sorry, if you mean directly on the interface of the director so when you
check the output of "ip a" then I'd use the netmask of the network, I
thought you meant the netmask setting for LVS itself.



Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
| BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 15:20, linbo liao <llbgurs@gmail.com> wrote:

> I am not sure.
>
> If I configure vip netmask, and use `ip a` it will print vip with netmask
> information. But `-M netmask` is show in `ipvsadm -Ln`.
>
> I think there are different thing.
>
> Thanks,
> Linbo
>
>
> 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
>
> > Linbo,
> >
> > Yes, I believe it will be exactly the same, sorry for referencing
> > Ldirectord it's just what I'm used to using.
> >
> > Did a quick google to verify my thoughts and this page backs me up as
> well
> > as being a nice read in itself:
> > http://www.ducea.com/2008/06/16/lvs-persistence/
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@loadbalancer.org
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
> >
> > > Sorry I miss the detailed information.
> > >
> > > I mean the netmask of VIP in LVS director. LVS use keepalived to do HA.
> > > Will vip netmask in LVS director affect the persistence ?
> > >
> > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > >
> > > > Hi Linbo,
> > > >
> > > > I assume you mean on the loopback adapter? If so then use a
> > > 255.255.255.255
> > > > or /32 for safety, not all OS's may need it as there can be many ways
> > to
> > > > make it not respond to ARP, however, this also helps as you are
> telling
> > > the
> > > > OS it's a single address.
> > > >
> > > > Or do you mean the "netmask" in the ldirectord config which affects
> > > > persistence? When this is at the default of 255.255.255.255
> persistence
> > > > will work per source address so 192.168.0.10 and 192.168.0.11 would
> get
> > > > stuck to different servers. If you set 255.255.255.0 then they would
> > both
> > > > hit the same server as persistence would work by subnet so the whole
> > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > >
> > > > Hope that's relevant to your question and makes sense...
> > > >
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron@loadbalancer.org
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
> > > >
> > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask
> > > support
> > > > in
> > > > > configuration, the default netmask is 255.255.255.255. I test
> default
> > > > > netmask, looks everything works fine.
> > > > >
> > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > 255.255.255.0?
> > > > >
> > > > > Thanks,
> > > > > Linbo
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
I have no idea.

Refer to
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.ipvsadm.html#netmask_for_VIP


- For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must be
/32.

and Julian reply the post
http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.html

2. add VIP/32 on lo (for real server) or on eth0 (for director)

Thanks,

Linbo


2017-06-21 22:31 GMT+08:00 Aaron West <aaron@loadbalancer.org>:

> Linbo,
>
> Sorry, if you mean directly on the interface of the director so when you
> check the output of "ip a" then I'd use the netmask of the network, I
> thought you meant the netmask setting for LVS itself.
>
>
>
> Aaron West
>
> Loadbalancer.org
> www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
>
> <https://plus.google.com/+LoadbalancerOrg>
> <https://twitter.com/loadbalancerorg>
> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> <https://www.loadbalancer.org/?category=company&post-name=
> overview&?gclid=ES2017>
> <https://www.loadbalancer.org/?gclid=ES2017>
> +1 888 867 9504 / +44 (0)330 380 1064
> aaron@loadbalancer.org
>
> LEAVE A REVIEW
> <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> DEPLOYMENT
> GUIDES
> <https://www.loadbalancer.org/?category=resources&post-name=
> deployment-guides&?gclid=ES2017>
> | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
>
> On 21 June 2017 at 15:20, linbo liao <llbgurs@gmail.com> wrote:
>
> > I am not sure.
> >
> > If I configure vip netmask, and use `ip a` it will print vip with
> netmask
> > information. But `-M netmask` is show in `ipvsadm -Ln`.
> >
> > I think there are different thing.
> >
> > Thanks,
> > Linbo
> >
> >
> > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> >
> > > Linbo,
> > >
> > > Yes, I believe it will be exactly the same, sorry for referencing
> > > Ldirectord it's just what I'm used to using.
> > >
> > > Did a quick google to verify my thoughts and this page backs me up as
> > well
> > > as being a nice read in itself:
> > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > >
> > > Aaron West
> > >
> > > Loadbalancer.org
> > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > >
> > > <https://plus.google.com/+LoadbalancerOrg>
> > > <https://twitter.com/loadbalancerorg>
> > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > <https://www.loadbalancer.org/?category=company&post-name=
> > > overview&?gclid=ES2017>
> > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > +1 888 867 9504 / +44 (0)330 380 1064
> > > aaron@loadbalancer.org
> > >
> > > LEAVE A REVIEW
> > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > DEPLOYMENT
> > > GUIDES
> > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > deployment-guides&?gclid=ES2017>
> > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > >
> > > On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
> > >
> > > > Sorry I miss the detailed information.
> > > >
> > > > I mean the netmask of VIP in LVS director. LVS use keepalived to do
> HA.
> > > > Will vip netmask in LVS director affect the persistence ?
> > > >
> > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > > >
> > > > > Hi Linbo,
> > > > >
> > > > > I assume you mean on the loopback adapter? If so then use a
> > > > 255.255.255.255
> > > > > or /32 for safety, not all OS's may need it as there can be many
> ways
> > > to
> > > > > make it not respond to ARP, however, this also helps as you are
> > telling
> > > > the
> > > > > OS it's a single address.
> > > > >
> > > > > Or do you mean the "netmask" in the ldirectord config which affects
> > > > > persistence? When this is at the default of 255.255.255.255
> > persistence
> > > > > will work per source address so 192.168.0.10 and 192.168.0.11 would
> > get
> > > > > stuck to different servers. If you set 255.255.255.0 then they
> would
> > > both
> > > > > hit the same server as persistence would work by subnet so the
> whole
> > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > >
> > > > > Hope that's relevant to your question and makes sense...
> > > > >
> > > > >
> > > > > Aaron West
> > > > >
> > > > > Loadbalancer.org
> > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > > >
> > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > <https://twitter.com/loadbalancerorg>
> > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name
> >
> > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > overview&?gclid=ES2017>
> > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > aaron@loadbalancer.org
> > > > >
> > > > > LEAVE A REVIEW
> > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > DEPLOYMENT
> > > > > GUIDES
> > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > deployment-guides&?gclid=ES2017>
> > > > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017
> >
> > > > >
> > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
> > > > >
> > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask
> > > > support
> > > > > in
> > > > > > configuration, the default netmask is 255.255.255.255. I test
> > default
> > > > > > netmask, looks everything works fine.
> > > > > >
> > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > 255.255.255.0?
> > > > > >
> > > > > > Thanks,
> > > > > > Linbo
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Linbo,

This goes back to what I originally said.

I assume you mean on the loopback adapter? If so then use a 255.255.255.255
> or /32 for safety, not all OS's may need it as there can be many ways to
> make it not respond to ARP, however, this also helps as you are telling the
> OS it's a single address.


So use a /32 for safety unless you can't for some reason as this helps to
guarantee the real server will not respond to ARP requests for that VIP.
There are indeed many many ways depending on OS to solve the ARP issue...
Out of interest what OS are your real servers?

Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
| BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 16:07, linbo liao <llbgurs@gmail.com> wrote:

> I have no idea.
>
> Refer to
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> ipvsadm.html#netmask_for_VIP
>
>
> - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must be
> /32.
>
> and Julian reply the post
> http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.html
>
> 2. add VIP/32 on lo (for real server) or on eth0 (for director)
>
> Thanks,
>
> Linbo
>
>
> 2017-06-21 22:31 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
>
> > Linbo,
> >
> > Sorry, if you mean directly on the interface of the director so when you
> > check the output of "ip a" then I'd use the netmask of the network, I
> > thought you meant the netmask setting for LVS itself.
> >
> >
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@loadbalancer.org
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 15:20, linbo liao <llbgurs@gmail.com> wrote:
> >
> > > I am not sure.
> > >
> > > If I configure vip netmask, and use `ip a` it will print vip with
> > netmask
> > > information. But `-M netmask` is show in `ipvsadm -Ln`.
> > >
> > > I think there are different thing.
> > >
> > > Thanks,
> > > Linbo
> > >
> > >
> > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > >
> > > > Linbo,
> > > >
> > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > Ldirectord it's just what I'm used to using.
> > > >
> > > > Did a quick google to verify my thoughts and this page backs me up as
> > > well
> > > > as being a nice read in itself:
> > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron@loadbalancer.org
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
> > > >
> > > > > Sorry I miss the detailed information.
> > > > >
> > > > > I mean the netmask of VIP in LVS director. LVS use keepalived to do
> > HA.
> > > > > Will vip netmask in LVS director affect the persistence ?
> > > > >
> > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > > > >
> > > > > > Hi Linbo,
> > > > > >
> > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > 255.255.255.255
> > > > > > or /32 for safety, not all OS's may need it as there can be many
> > ways
> > > > to
> > > > > > make it not respond to ARP, however, this also helps as you are
> > > telling
> > > > > the
> > > > > > OS it's a single address.
> > > > > >
> > > > > > Or do you mean the "netmask" in the ldirectord config which
> affects
> > > > > > persistence? When this is at the default of 255.255.255.255
> > > persistence
> > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> would
> > > get
> > > > > > stuck to different servers. If you set 255.255.255.0 then they
> > would
> > > > both
> > > > > > hit the same server as persistence would work by subnet so the
> > whole
> > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > >
> > > > > > Hope that's relevant to your question and makes sense...
> > > > > >
> > > > > >
> > > > > > Aaron West
> > > > > >
> > > > > > Loadbalancer.org
> > > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017
> >
> > > > > >
> > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> company-name
> > >
> > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > overview&?gclid=ES2017>
> > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > aaron@loadbalancer.org
> > > > > >
> > > > > > LEAVE A REVIEW
> > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > > DEPLOYMENT
> > > > > > GUIDES
> > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > deployment-guides&?gclid=ES2017>
> > > > > > | BLOG <https://www.loadbalancer.org/
> ?category=blog&?gclid=ES2017
> > >
> > > > > >
> > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com> wrote:
> > > > > >
> > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> netmask
> > > > > support
> > > > > > in
> > > > > > > configuration, the default netmask is 255.255.255.255. I test
> > > default
> > > > > > > netmask, looks everything works fine.
> > > > > > >
> > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > 255.255.255.0?
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Linbo
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users@LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Yes Aaron, for loopback it must be /32.

But the two link told vip in director is also /32, which confused me, I
guess vip in director can't configure in loopback interface, right?

Thanks,
Linbo

2017-06-21 23:13 GMT+08:00 Aaron West <aaron@loadbalancer.org>:

> Linbo,
>
> This goes back to what I originally said.
>
> I assume you mean on the loopback adapter? If so then use a 255.255.255.255
> > or /32 for safety, not all OS's may need it as there can be many ways to
> > make it not respond to ARP, however, this also helps as you are telling
> the
> > OS it's a single address.
>
>
> So use a /32 for safety unless you can't for some reason as this helps to
> guarantee the real server will not respond to ARP requests for that VIP.
> There are indeed many many ways depending on OS to solve the ARP issue...
> Out of interest what OS are your real servers?
>
> Aaron West
>
> Loadbalancer.org
> www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
>
> <https://plus.google.com/+LoadbalancerOrg>
> <https://twitter.com/loadbalancerorg>
> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> <https://www.loadbalancer.org/?category=company&post-name=
> overview&?gclid=ES2017>
> <https://www.loadbalancer.org/?gclid=ES2017>
> +1 888 867 9504 / +44 (0)330 380 1064
> aaron@loadbalancer.org
>
> LEAVE A REVIEW
> <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> DEPLOYMENT
> GUIDES
> <https://www.loadbalancer.org/?category=resources&post-name=
> deployment-guides&?gclid=ES2017>
> | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
>
> On 21 June 2017 at 16:07, linbo liao <llbgurs@gmail.com> wrote:
>
> > I have no idea.
> >
> > Refer to
> > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> > ipvsadm.html#netmask_for_VIP
> >
> >
> > - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must
> be
> > /32.
> >
> > and Julian reply the post
> > http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.
> html
> >
> > 2. add VIP/32 on lo (for real server) or on eth0 (for director)
> >
> > Thanks,
> >
> > Linbo
> >
> >
> > 2017-06-21 22:31 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> >
> > > Linbo,
> > >
> > > Sorry, if you mean directly on the interface of the director so when
> you
> > > check the output of "ip a" then I'd use the netmask of the network, I
> > > thought you meant the netmask setting for LVS itself.
> > >
> > >
> > >
> > > Aaron West
> > >
> > > Loadbalancer.org
> > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > >
> > > <https://plus.google.com/+LoadbalancerOrg>
> > > <https://twitter.com/loadbalancerorg>
> > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > <https://www.loadbalancer.org/?category=company&post-name=
> > > overview&?gclid=ES2017>
> > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > +1 888 867 9504 / +44 (0)330 380 1064
> > > aaron@loadbalancer.org
> > >
> > > LEAVE A REVIEW
> > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > DEPLOYMENT
> > > GUIDES
> > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > deployment-guides&?gclid=ES2017>
> > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > >
> > > On 21 June 2017 at 15:20, linbo liao <llbgurs@gmail.com> wrote:
> > >
> > > > I am not sure.
> > > >
> > > > If I configure vip netmask, and use `ip a` it will print vip with
> > > netmask
> > > > information. But `-M netmask` is show in `ipvsadm -Ln`.
> > > >
> > > > I think there are different thing.
> > > >
> > > > Thanks,
> > > > Linbo
> > > >
> > > >
> > > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > > >
> > > > > Linbo,
> > > > >
> > > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > > Ldirectord it's just what I'm used to using.
> > > > >
> > > > > Did a quick google to verify my thoughts and this page backs me up
> as
> > > > well
> > > > > as being a nice read in itself:
> > > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > > >
> > > > > Aaron West
> > > > >
> > > > > Loadbalancer.org
> > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > > >
> > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > <https://twitter.com/loadbalancerorg>
> > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name
> >
> > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > overview&?gclid=ES2017>
> > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > aaron@loadbalancer.org
> > > > >
> > > > > LEAVE A REVIEW
> > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > DEPLOYMENT
> > > > > GUIDES
> > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > deployment-guides&?gclid=ES2017>
> > > > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017
> >
> > > > >
> > > > > On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
> > > > >
> > > > > > Sorry I miss the detailed information.
> > > > > >
> > > > > > I mean the netmask of VIP in LVS director. LVS use keepalived to
> do
> > > HA.
> > > > > > Will vip netmask in LVS director affect the persistence ?
> > > > > >
> > > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > > > > >
> > > > > > > Hi Linbo,
> > > > > > >
> > > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > > 255.255.255.255
> > > > > > > or /32 for safety, not all OS's may need it as there can be
> many
> > > ways
> > > > > to
> > > > > > > make it not respond to ARP, however, this also helps as you are
> > > > telling
> > > > > > the
> > > > > > > OS it's a single address.
> > > > > > >
> > > > > > > Or do you mean the "netmask" in the ldirectord config which
> > affects
> > > > > > > persistence? When this is at the default of 255.255.255.255
> > > > persistence
> > > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> > would
> > > > get
> > > > > > > stuck to different servers. If you set 255.255.255.0 then they
> > > would
> > > > > both
> > > > > > > hit the same server as persistence would work by subnet so the
> > > whole
> > > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > > >
> > > > > > > Hope that's relevant to your question and makes sense...
> > > > > > >
> > > > > > >
> > > > > > > Aaron West
> > > > > > >
> > > > > > > Loadbalancer.org
> > > > > > > www.loadbalancer.org <https://www.loadbalancer.org/
> ?gclid=ES2017
> > >
> > > > > > >
> > > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> > company-name
> > > >
> > > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > > overview&?gclid=ES2017>
> > > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > > aaron@loadbalancer.org
> > > > > > >
> > > > > > > LEAVE A REVIEW
> > > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review>
> |
> > > > > > > DEPLOYMENT
> > > > > > > GUIDES
> > > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > > deployment-guides&?gclid=ES2017>
> > > > > > > | BLOG <https://www.loadbalancer.org/
> > ?category=blog&?gclid=ES2017
> > > >
> > > > > > >
> > > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com>
> wrote:
> > > > > > >
> > > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> > netmask
> > > > > > support
> > > > > > > in
> > > > > > > > configuration, the default netmask is 255.255.255.255. I test
> > > > default
> > > > > > > > netmask, looks everything works fine.
> > > > > > > >
> > > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > > 255.255.255.0?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Linbo
> > > > > > > > _______________________________________________
> > > > > > > > Please read the documentation before posting - it's available
> > at:
> > > > > > > > http://www.linuxvirtualserver.org/
> > > > > > > >
> > > > > > > > LinuxVirtualServer.org mailing list -
> > > lvs-users@LinuxVirtualServer.
> > > > > org
> > > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users@LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Linbo,

Yes, it's different as you do want the director to respond to ARP requests
and that's the only reason it's suggested to use /32 and a loopback adapter
on the real server.

So to clarify the VIP on the director should use it's actual subnet and
should be on a real interface as any normal IP would.


Aaron West

Loadbalancer.org
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>

<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017>
<https://www.loadbalancer.org/?gclid=ES2017>
+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW
<http://collector.reviews.io/loadbalancer-org-inc-/new-review> | DEPLOYMENT
GUIDES
<https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017>
| BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>

On 21 June 2017 at 16:22, linbo liao <llbgurs@gmail.com> wrote:

> Yes Aaron, for loopback it must be /32.
>
> But the two link told vip in director is also /32, which confused me, I
> guess vip in director can't configure in loopback interface, right?
>
> Thanks,
> Linbo
>
> 2017-06-21 23:13 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
>
> > Linbo,
> >
> > This goes back to what I originally said.
> >
> > I assume you mean on the loopback adapter? If so then use a
> 255.255.255.255
> > > or /32 for safety, not all OS's may need it as there can be many ways
> to
> > > make it not respond to ARP, however, this also helps as you are telling
> > the
> > > OS it's a single address.
> >
> >
> > So use a /32 for safety unless you can't for some reason as this helps to
> > guarantee the real server will not respond to ARP requests for that VIP.
> > There are indeed many many ways depending on OS to solve the ARP issue...
> > Out of interest what OS are your real servers?
> >
> > Aaron West
> >
> > Loadbalancer.org
> > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> >
> > <https://plus.google.com/+LoadbalancerOrg>
> > <https://twitter.com/loadbalancerorg>
> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > <https://www.loadbalancer.org/?category=company&post-name=
> > overview&?gclid=ES2017>
> > <https://www.loadbalancer.org/?gclid=ES2017>
> > +1 888 867 9504 / +44 (0)330 380 1064
> > aaron@loadbalancer.org
> >
> > LEAVE A REVIEW
> > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > DEPLOYMENT
> > GUIDES
> > <https://www.loadbalancer.org/?category=resources&post-name=
> > deployment-guides&?gclid=ES2017>
> > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> >
> > On 21 June 2017 at 16:07, linbo liao <llbgurs@gmail.com> wrote:
> >
> > > I have no idea.
> > >
> > > Refer to
> > > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.
> > > ipvsadm.html#netmask_for_VIP
> > >
> > >
> > > - For LVS-DR, LVS-Tun: netmask for VIP on director, realservers must
> > be
> > > /32.
> > >
> > > and Julian reply the post
> > > http://archive.linuxvirtualserver.org/html/lvs-users/2016-12/msg00014.
> > html
> > >
> > > 2. add VIP/32 on lo (for real server) or on eth0 (for director)
> > >
> > > Thanks,
> > >
> > > Linbo
> > >
> > >
> > > 2017-06-21 22:31 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > >
> > > > Linbo,
> > > >
> > > > Sorry, if you mean directly on the interface of the director so when
> > you
> > > > check the output of "ip a" then I'd use the netmask of the network, I
> > > > thought you meant the netmask setting for LVS itself.
> > > >
> > > >
> > > >
> > > > Aaron West
> > > >
> > > > Loadbalancer.org
> > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
> > > >
> > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > <https://twitter.com/loadbalancerorg>
> > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
> > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > overview&?gclid=ES2017>
> > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > aaron@loadbalancer.org
> > > >
> > > > LEAVE A REVIEW
> > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > DEPLOYMENT
> > > > GUIDES
> > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > deployment-guides&?gclid=ES2017>
> > > > | BLOG <https://www.loadbalancer.org/?category=blog&?gclid=ES2017>
> > > >
> > > > On 21 June 2017 at 15:20, linbo liao <llbgurs@gmail.com> wrote:
> > > >
> > > > > I am not sure.
> > > > >
> > > > > If I configure vip netmask, and use `ip a` it will print vip with
> > > > netmask
> > > > > information. But `-M netmask` is show in `ipvsadm -Ln`.
> > > > >
> > > > > I think there are different thing.
> > > > >
> > > > > Thanks,
> > > > > Linbo
> > > > >
> > > > >
> > > > > 2017-06-21 22:01 GMT+08:00 Aaron West <aaron@loadbalancer.org>:
> > > > >
> > > > > > Linbo,
> > > > > >
> > > > > > Yes, I believe it will be exactly the same, sorry for referencing
> > > > > > Ldirectord it's just what I'm used to using.
> > > > > >
> > > > > > Did a quick google to verify my thoughts and this page backs me
> up
> > as
> > > > > well
> > > > > > as being a nice read in itself:
> > > > > > http://www.ducea.com/2008/06/16/lvs-persistence/
> > > > > >
> > > > > > Aaron West
> > > > > >
> > > > > > Loadbalancer.org
> > > > > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017
> >
> > > > > >
> > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> company-name
> > >
> > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > overview&?gclid=ES2017>
> > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > aaron@loadbalancer.org
> > > > > >
> > > > > > LEAVE A REVIEW
> > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> |
> > > > > > DEPLOYMENT
> > > > > > GUIDES
> > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > deployment-guides&?gclid=ES2017>
> > > > > > | BLOG <https://www.loadbalancer.org/
> ?category=blog&?gclid=ES2017
> > >
> > > > > >
> > > > > > On 21 June 2017 at 14:37, linbo liao <llbgurs@gmail.com> wrote:
> > > > > >
> > > > > > > Sorry I miss the detailed information.
> > > > > > >
> > > > > > > I mean the netmask of VIP in LVS director. LVS use keepalived
> to
> > do
> > > > HA.
> > > > > > > Will vip netmask in LVS director affect the persistence ?
> > > > > > >
> > > > > > > 2017-06-18 16:30 GMT+08:00 Aaron West <aaron@loadbalancer.org
> >:
> > > > > > >
> > > > > > > > Hi Linbo,
> > > > > > > >
> > > > > > > > I assume you mean on the loopback adapter? If so then use a
> > > > > > > 255.255.255.255
> > > > > > > > or /32 for safety, not all OS's may need it as there can be
> > many
> > > > ways
> > > > > > to
> > > > > > > > make it not respond to ARP, however, this also helps as you
> are
> > > > > telling
> > > > > > > the
> > > > > > > > OS it's a single address.
> > > > > > > >
> > > > > > > > Or do you mean the "netmask" in the ldirectord config which
> > > affects
> > > > > > > > persistence? When this is at the default of 255.255.255.255
> > > > > persistence
> > > > > > > > will work per source address so 192.168.0.10 and 192.168.0.11
> > > would
> > > > > get
> > > > > > > > stuck to different servers. If you set 255.255.255.0 then
> they
> > > > would
> > > > > > both
> > > > > > > > hit the same server as persistence would work by subnet so
> the
> > > > whole
> > > > > > > > 192.168.0.0/24 subnet would be stuck to the first server.
> > > > > > > >
> > > > > > > > Hope that's relevant to your question and makes sense...
> > > > > > > >
> > > > > > > >
> > > > > > > > Aaron West
> > > > > > > >
> > > > > > > > Loadbalancer.org
> > > > > > > > www.loadbalancer.org <https://www.loadbalancer.org/
> > ?gclid=ES2017
> > > >
> > > > > > > >
> > > > > > > > <https://plus.google.com/+LoadbalancerOrg>
> > > > > > > > <https://twitter.com/loadbalancerorg>
> > > > > > > > <http://www.linkedin.com/company/3191352?trk=prof-exp-
> > > company-name
> > > > >
> > > > > > > > <https://www.loadbalancer.org/?category=company&post-name=
> > > > > > > > overview&?gclid=ES2017>
> > > > > > > > <https://www.loadbalancer.org/?gclid=ES2017>
> > > > > > > > +1 888 867 9504 / +44 (0)330 380 1064
> > > > > > > > aaron@loadbalancer.org
> > > > > > > >
> > > > > > > > LEAVE A REVIEW
> > > > > > > > <http://collector.reviews.io/loadbalancer-org-inc-/new-
> review>
> > |
> > > > > > > > DEPLOYMENT
> > > > > > > > GUIDES
> > > > > > > > <https://www.loadbalancer.org/?category=resources&post-name=
> > > > > > > > deployment-guides&?gclid=ES2017>
> > > > > > > > | BLOG <https://www.loadbalancer.org/
> > > ?category=blog&?gclid=ES2017
> > > > >
> > > > > > > >
> > > > > > > > On 18 June 2017 at 01:16, linbo liao <llbgurs@gmail.com>
> > wrote:
> > > > > > > >
> > > > > > > > > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no
> > > netmask
> > > > > > > support
> > > > > > > > in
> > > > > > > > > configuration, the default netmask is 255.255.255.255. I
> test
> > > > > default
> > > > > > > > > netmask, looks everything works fine.
> > > > > > > > >
> > > > > > > > > So what's the proper netmask for vip, 255.255.255.255 or
> > > > > > 255.255.255.0?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Linbo
> > > > > > > > > _______________________________________________
> > > > > > > > > Please read the documentation before posting - it's
> available
> > > at:
> > > > > > > > > http://www.linuxvirtualserver.org/
> > > > > > > > >
> > > > > > > > > LinuxVirtualServer.org mailing list -
> > > > lvs-users@LinuxVirtualServer.
> > > > > > org
> > > > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > > > or go to http://lists.graemef.net/
> mailman/listinfo/lvs-users
> > > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Please read the documentation before posting - it's available
> > at:
> > > > > > > > http://www.linuxvirtualserver.org/
> > > > > > > >
> > > > > > > > LinuxVirtualServer.org mailing list -
> > > lvs-users@LinuxVirtualServer.
> > > > > org
> > > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Please read the documentation before posting - it's available
> at:
> > > > > > > http://www.linuxvirtualserver.org/
> > > > > > >
> > > > > > > LinuxVirtualServer.org mailing list -
> > lvs-users@LinuxVirtualServer.
> > > > org
> > > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Please read the documentation before posting - it's available at:
> > > > > > http://www.linuxvirtualserver.org/
> > > > > >
> > > > > > LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.
> > > org
> > > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > > >
> > > > > _______________________________________________
> > > > > Please read the documentation before posting - it's available at:
> > > > > http://www.linuxvirtualserver.org/
> > > > >
> > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> > org
> > > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > > >
> > > > _______________________________________________
> > > > Please read the documentation before posting - it's available at:
> > > > http://www.linuxvirtualserver.org/
> > > >
> > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.
> org
> > > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > > >
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > > Send requests to lvs-users-request@LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> > Send requests to lvs-users-request@LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Hello,

On Sun, 18 Jun 2017, linbo liao wrote:

> If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support in
> configuration, the default netmask is 255.255.255.255. I test default
> netmask, looks everything works fine.
>
> So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?

The "lo" interface is special in Linux, if you
add IP/24 on lo, what is added actually is a range of local
addresses, i.e. 256 local addresses in the case for /24.
As result, for the 127.0.0.1/8 case, we actually have
16,777,216 local addresses, i.e. you can use 127.0.0.1 but
also 127.0.0.2 ... 127.255.255.255.

In the common case with IPVS, we add single VIP, so
only 255.255.255.255 should be used. And I don't think
255.255.255.255 is a default mask, it should be specified in
all commands.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Thanks Julian, I understand /32 for "lo" interface.

But my question is VIP for director, it usually configure in other
interface than "lo" , what's the difference between /32 and actual subnet
of the VIP.

In keepalived, if no netmask provide, vip will configure with /32 netmask,
for example:

virtual_ipaddress {
192.168.0.111 ; it will use /32 netmask
192.168.0.112/24 ; it will use /24 netmask
}

Thanks,
Linbo

2017-06-22 5:10 GMT+08:00 Julian Anastasov <ja@ssi.bg>:

>
> Hello,
>
> On Sun, 18 Jun 2017, linbo liao wrote:
>
> > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support
> in
> > configuration, the default netmask is 255.255.255.255. I test default
> > netmask, looks everything works fine.
> >
> > So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?
>
> The "lo" interface is special in Linux, if you
> add IP/24 on lo, what is added actually is a range of local
> addresses, i.e. 256 local addresses in the case for /24.
> As result, for the 127.0.0.1/8 case, we actually have
> 16,777,216 local addresses, i.e. you can use 127.0.0.1 but
> also 127.0.0.2 ... 127.255.255.255.
>
> In the common case with IPVS, we add single VIP, so
> only 255.255.255.255 should be used. And I don't think
> 255.255.255.255 is a default mask, it should be specified in
> all commands.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Hello Linbo

You will want to configure keepalived in the subnet that your VIP
should be assigned.

also you will want to configure it for the interface it should be
brought up on too.

Example : I have a LVS director and it has 2 interfaces.

eth0 192.168.100.1/28
eth1 172.31.1.10/12

I want to bring up the VIP on eth1 as IP 172.31.1.11/12

You only configure the 172.31.1.11/32 on the LO interface on each real
server for the VIP itself it should be as above in the same subnet as
the primary IP Address.

I hope that makes sense
Andrew Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmalley@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 22 June 2017 at 13:01, linbo liao <llbgurs@gmail.com> wrote:
> Thanks Julian, I understand /32 for "lo" interface.
>
> But my question is VIP for director, it usually configure in other
> interface than "lo" , what's the difference between /32 and actual subnet
> of the VIP.
>
> In keepalived, if no netmask provide, vip will configure with /32 netmask,
> for example:
>
> virtual_ipaddress {
> 192.168.0.111 ; it will use /32 netmask
> 192.168.0.112/24 ; it will use /24 netmask
> }
>
> Thanks,
> Linbo
>
> 2017-06-22 5:10 GMT+08:00 Julian Anastasov <ja@ssi.bg>:
>
>>
>> Hello,
>>
>> On Sun, 18 Jun 2017, linbo liao wrote:
>>
>> > If vip 192.168.0.111 from subnet 192.168.0.0/24, and no netmask support
>> in
>> > configuration, the default netmask is 255.255.255.255. I test default
>> > netmask, looks everything works fine.
>> >
>> > So what's the proper netmask for vip, 255.255.255.255 or 255.255.255.0?
>>
>> The "lo" interface is special in Linux, if you
>> add IP/24 on lo, what is added actually is a range of local
>> addresses, i.e. 256 local addresses in the case for /24.
>> As result, for the 127.0.0.1/8 case, we actually have
>> 16,777,216 local addresses, i.e. you can use 127.0.0.1 but
>> also 127.0.0.2 ... 127.255.255.255.
>>
>> In the common case with IPVS, we add single VIP, so
>> only 255.255.255.255 should be used. And I don't think
>> 255.255.255.255 is a default mask, it should be specified in
>> all commands.
>>
>> Regards
>>
>> --
>> Julian Anastasov <ja@ssi.bg>
>>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Hello,

On Thu, 22 Jun 2017, linbo liao wrote:

> Thanks Julian, I understand /32 for "lo" interface.
>
> But my question is VIP for director, it usually configure in other
> interface than "lo" , what's the difference between /32 and actual subnet
> of the VIP.
>
> In keepalived, if no netmask provide, vip will configure with /32 netmask,
> for example:
>
> virtual_ipaddress {
> 192.168.0.111 ; it will use /32 netmask
> 192.168.0.112/24 ; it will use /24 netmask
> }

Not sure about the keepalived specifics but
in Linux there is no big difference where you configure
the VIPs on director. The only rules that apply are:

- you should have DIP (Director IP) which is more preferred
when selecting local address for outgoing traffic, eg.
add DIP/24 on eth0 before configuring VIP. Such DIP is
mandatory for TUN mode because we originate IPIP packets
from DIP.

- In Linux, VIP can be VIP/24:eth0 (same netmask as DIP),
VIP/32:eth0 or VIP/32:lo, i.e. a secondary address for the
subnet. For the first case, if DIP is somehow removed,
/proc/sys/net/ipv4/conf/eth0/promote_secondaries should
not promote VIP as primary IP in place of the DIP.

- Some setups may want to mix director and real server role,
in this case they may prefer to put some VIPs on eth0 (VIPs
used for director role) and to put other VIPs on lo (VIPs
used for real server role, eg. DR mode). Such separation
is needed when using eth0/arp_ignore=1 and eth0/arp_announce=2.

So, in the most of the cases there should not be any
differences for the above 3 options and the IPVS tools can
use any of them to configure the VIP on lo or eth0.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Thanks Julian.

I search the net, all VIP will be removed if primary IP deleted when
promote_secondaries is 0.

Why VIP should not be promoted as primary IP if DIP removed? I try to
search in google, but no luck.

Thanks,
Linbo

2017-06-23 4:25 GMT+08:00 Julian Anastasov <ja@ssi.bg>:

>
> Hello,
>
> On Thu, 22 Jun 2017, linbo liao wrote:
>
> > Thanks Julian, I understand /32 for "lo" interface.
> >
> > But my question is VIP for director, it usually configure in other
> > interface than "lo" , what's the difference between /32 and actual subnet
> > of the VIP.
> >
> > In keepalived, if no netmask provide, vip will configure with /32
> netmask,
> > for example:
> >
> > virtual_ipaddress {
> > 192.168.0.111 ; it will use /32 netmask
> > 192.168.0.112/24 ; it will use /24 netmask
> > }
>
> Not sure about the keepalived specifics but
> in Linux there is no big difference where you configure
> the VIPs on director. The only rules that apply are:
>
> - you should have DIP (Director IP) which is more preferred
> when selecting local address for outgoing traffic, eg.
> add DIP/24 on eth0 before configuring VIP. Such DIP is
> mandatory for TUN mode because we originate IPIP packets
> from DIP.
>
> - In Linux, VIP can be VIP/24:eth0 (same netmask as DIP),
> VIP/32:eth0 or VIP/32:lo, i.e. a secondary address for the
> subnet. For the first case, if DIP is somehow removed,
> /proc/sys/net/ipv4/conf/eth0/promote_secondaries should
> not promote VIP as primary IP in place of the DIP.
>
> - Some setups may want to mix director and real server role,
> in this case they may prefer to put some VIPs on eth0 (VIPs
> used for director role) and to put other VIPs on lo (VIPs
> used for real server role, eg. DR mode). Such separation
> is needed when using eth0/arp_ignore=1 and eth0/arp_announce=2.
>
> So, in the most of the cases there should not be any
> differences for the above 3 options and the IPVS tools can
> use any of them to configure the VIP on lo or eth0.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Hello,

On Sat, 24 Jun 2017, linbo liao wrote:

> I search the net, all VIP will be removed if primary IP deleted when
> promote_secondaries is 0.

Yes - if we add VIP/24 on eth0. Not - if VIP is added as /32.

> Why VIP should not be promoted as primary IP if DIP removed? I try to
> search in google, but no luck.

Nobody should need such games in IPVS setups...
I just wanted to note all considerations when deciding
where to add VIP.

> > add DIP/24 on eth0 before configuring VIP. Such DIP is
> > mandatory for TUN mode because we originate IPIP packets
> > from DIP.

If VIP becomes the primary source address when sending
to TUN real server, the real server can drop the IPIP packet
with saddr=VIP,daddr=RIP because VIP can be added as local
address on "lo". Also, there is no guarantee that such
packet can be routed to the RIP in all cases, sometimes
saddr=VIP can be allowed to use only the incoming ISP link.
So, as you see, it depends on many things.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] netmask for vip? [ In reply to ]
Thanks Julian.

2017-06-25 1:30 GMT+08:00 Julian Anastasov <ja@ssi.bg>:

>
> Hello,
>
> On Sat, 24 Jun 2017, linbo liao wrote:
>
> > I search the net, all VIP will be removed if primary IP deleted when
> > promote_secondaries is 0.
>
> Yes - if we add VIP/24 on eth0. Not - if VIP is added as /32.
>
> > Why VIP should not be promoted as primary IP if DIP removed? I try to
> > search in google, but no luck.
>
> Nobody should need such games in IPVS setups...
> I just wanted to note all considerations when deciding
> where to add VIP.
>
> > > add DIP/24 on eth0 before configuring VIP. Such DIP is
> > > mandatory for TUN mode because we originate IPIP packets
> > > from DIP.
>
> If VIP becomes the primary source address when sending
> to TUN real server, the real server can drop the IPIP packet
> with saddr=VIP,daddr=RIP because VIP can be added as local
> address on "lo". Also, there is no guarantee that such
> packet can be routed to the RIP in all cases, sometimes
> saddr=VIP can be allowed to use only the incoming ISP link.
> So, as you see, it depends on many things.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users