Mailing List Archive

Stefano Paterni wrote:
>
Hi,

> I'm in trouble with real servers running linux kernel 2.4.
> They respond to arp requests in spite of the linux director, in which way
> can I stop them from responding to arp requests?

Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
and proceed to setup the hidden devices like for 2.2.x kernels.

Best regards,
Roberto Nibali, ratz

--
mailto: `echo NrOatSz@tPacA.cMh | sed 's/[NOSPAM]//g'`

On Thu, 22 Feb 2001, Roberto Nibali wrote:

> Stefano Paterni wrote:
> >
> Hi,
>
> > I'm in trouble with real servers running linux kernel 2.4.
> > They respond to arp requests in spite of the linux director, in which way
> > can I stop them from responding to arp requests?
>
> Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> and proceed to setup the hidden devices like for 2.2.x kernels.

I never saw an explanation as to why the hidden-patch that actually made into
the 2.2-kernel didn't make it into 2.4. This is a patch of general
(?) interest, and it doesn't affect any other functionality - at least to my
knowledge.

Could somebody with the background-info please enlighten me and everbody else?

Cheers!


/m

> I never saw an explanation as to why the hidden-patch that actually made into
> the 2.2-kernel didn't make it into 2.4. This is a patch of general
> (?) interest, and it doesn't affect any other functionality - at least to my
> knowledge.
>
> Could somebody with the background-info please enlighten me and everbody else?

Julian, do you still have the links where he can read through
the kernel threads about the discussion between you and Alexey
and others about this feature?

Basically, the people dealing with the network code layer for
kernel 2.4.x series don't see the neccessity for this patch and
also think that it's in a way broken by design. If I find the
links, I'll post it.

Regards,
Roberto Nibali, ratz

--
mailto: `echo NrOatSz@tPacA.cMh | sed 's/[NOSPAM]//g'`

Hello,

On Thu, 22 Feb 2001, Mikael Eriksson wrote:

> On Thu, 22 Feb 2001, Roberto Nibali wrote:
>
> > Stefano Paterni wrote:
> > >
> > Hi,
> >
> > > I'm in trouble with real servers running linux kernel 2.4.
> > > They respond to arp requests in spite of the linux director, in which way
> > > can I stop them from responding to arp requests?
> >
> > Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> > and proceed to setup the hidden devices like for 2.2.x kernels.
>
> I never saw an explanation as to why the hidden-patch that actually made into
> the 2.2-kernel didn't make it into 2.4. This is a patch of general
> (?) interest, and it doesn't affect any other functionality - at least to my
> knowledge.
>
> Could somebody with the background-info please enlighten me and everbody else?

http://marc.theaimsgroup.com/?l=linux-kernel&m=98032243112274&w=2

The thread:

http://marc.theaimsgroup.com/?t=98019795800013&w=2&r=1

> Cheers!
>
>
> /m


Regards

--
Julian Anastasov <ja@ssi.bg>

On Thu, 22 Feb 2001, Mikael Eriksson wrote:

> On Thu, 22 Feb 2001, Roberto Nibali wrote:
>
> >
> > Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> > and proceed to setup the hidden devices like for 2.2.x kernels.
>
> I never saw an explanation as to why the hidden-patch that actually made into
> the 2.2-kernel didn't make it into 2.4. This is a patch of general

Why doesn't the author of the patch submit it to Alan Cox for inclusion in
the -ac* series? Alan seems to have opened up his tree to exactly these
kinds of patches.

--
Michael Brown
Linux Systems Group
Dell Computer Corp

> Basically, the people dealing with the network code layer for
> kernel 2.4.x series don't see the neccessity for this patch and
> also think that it's in a way broken by design. If I find the
> links, I'll post it.

Actually, I had a little debate where I tried to convince them that the
current behaviour is really just proxy arp -- basically, since the the
system replies for an IP that isn't on that directly connected network
(ie, assigned to that device), it is by definition proxy arp (per RFC
1009) -- but they didn't like that idea too much :)

Personally, I wish they would have agreed, not so much for the sake of
LVS, but because it has caused major problems on my network in the past.
:)

Thanks,

Kyle Sparger - Senior System Administrator
ksparger@dialtoneinternet.net - http://www.dialtoneinternet.net
Voice - (954) 581-0097 x 122
"Forget college, I'm going pro."

Hello,

On Thu, 22 Feb 2001, Michael E Brown wrote:

> On Thu, 22 Feb 2001, Mikael Eriksson wrote:
>
> > On Thu, 22 Feb 2001, Roberto Nibali wrote:
> >
> > >
> > > Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> > > and proceed to setup the hidden devices like for 2.2.x kernels.
> >
> > I never saw an explanation as to why the hidden-patch that actually made into
> > the 2.2-kernel didn't make it into 2.4. This is a patch of general
>
> Why doesn't the author of the patch submit it to Alan Cox for inclusion in
> the -ac* series? Alan seems to have opened up his tree to exactly these
> kinds of patches.

FYI, the patch was submitted one year ago (you see from the
version when it was created) to the network maintainers and they
responded. So, if the question is whether they know, the answer is yes.
Alan is not informed directly for this patch but the discussions on the
kernel mail list are public. The need is this feature to be replaced with
another one but there is still no another solution :) It is known that
this feature is not used only from the LVS community but everyone can
read the discussions and to see the different opinions on this issue.

> --
> Michael Brown
> Linux Systems Group
> Dell Computer Corp


Regards

--
Julian Anastasov <ja@ssi.bg>

At 11.16 22/02/01 +0100, you wrote:
>Stefano Paterni wrote:
> >
>Hi,
>
> > I'm in trouble with real servers running linux kernel 2.4.
> > They respond to arp requests in spite of the linux director, in which way
> > can I stop them from responding to arp requests?
>
>Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
>and proceed to setup the hidden devices like for 2.2.x kernels.
>

I've applyed that patch, recompiled and made echos in
proc/sys/net/ipv4/conf/all/hidden and
lo/hidden as usual for kernel 2.2, but the linux box is still responding to
arps...
I've tryed to use a kernel 2.2.18 with hidden in proc by default, but
appear to have no effect...and the linux is still responding to arp, please
have you idea of the reason?
ifconfig lo:0 -arp appear to have no effect too.

Best regards!
Stefano

Hi,

> I've applyed that patch, recompiled and made echos in
> proc/sys/net/ipv4/conf/all/hidden and
> lo/hidden as usual for kernel 2.2, but the linux box is still responding to
> arps...

for i in all default lo; do
echo 1 > /proc/sys/net/ipv4/conf/${i}/hidden
done

> I've tryed to use a kernel 2.2.18 with hidden in proc by default, but
> appear to have no effect...and the linux is still responding to arp, please
> have you idea of the reason?
> ifconfig lo:0 -arp appear to have no effect too.

Correct. You should also remove all arp entries on the nodes
with arp -d.

Regards,
Roberto Nibali, ratz

--
mailto: `echo NrOatSz@tPacA.cMh | sed 's/[NOSPAM]//g'`

Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 22 Feb 2001, Michael E Brown wrote:
>
> > On Thu, 22 Feb 2001, Mikael Eriksson wrote:
> >
> > > On Thu, 22 Feb 2001, Roberto Nibali wrote:
> > >
> > > >
> > > > Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> > > > and proceed to setup the hidden devices like for 2.2.x kernels.
> > >
> > > I never saw an explanation as to why the hidden-patch that actually made into
> > > the 2.2-kernel didn't make it into 2.4. This is a patch of general
> >
> > Why doesn't the author of the patch submit it to Alan Cox for inclusion in
> > the -ac* series? Alan seems to have opened up his tree to exactly these
> > kinds of patches.
>
> FYI, the patch was submitted one year ago (you see from the
> version when it was created) to the network maintainers and they
> responded. So, if the question is whether they know, the answer is yes.
> Alan is not informed directly for this patch but the discussions on the
> kernel mail list are public. The need is this feature to be replaced with
> another one but there is still no another solution :) It is known that
> this feature is not used only from the LVS community but everyone can
> read the discussions and to see the different opinions on this issue.

If they refuse to include the patch why don't integrate it into the
ipvs-patch?
So you have only one patch with all the needed functionality...

Juri

--
juri.haberland@innominate.com
system engineer innominate AG
clustering & security the linux architects
tel: +49-30-308806-45 fax: -77 http://www.innominate.com

Hello,

On Thu, 22 Feb 2001, Juri Haberland wrote:

> If they refuse to include the patch why don't integrate it into the
> ipvs-patch?
> So you have only one patch with all the needed functionality...

Because LVS is applied in the director while the patch for
the hidden flag is applied to the real servers :) But may be it can be
added in the tar ball?


> Juri
>
> --
> juri.haberland@innominate.com
> system engineer innominate AG
> clustering & security the linux architects
> tel: +49-30-308806-45 fax: -77 http://www.innominate.com


Regards

--
Julian Anastasov <ja@ssi.bg>

Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 22 Feb 2001, Juri Haberland wrote:
>
> > If they refuse to include the patch why don't integrate it into the
> > ipvs-patch?
> > So you have only one patch with all the needed functionality...
>
> Because LVS is applied in the director while the patch for
> the hidden flag is applied to the real servers :) But may be it can be
> added in the tar ball?

Oops. How right you are.
Forget what I said, I'd better think before I type ;-)

Juri

--
juri.haberland@innominate.com
system engineer innominate AG
clustering & security the linux architects
tel: +49-30-308806-45 fax: -77 http://www.innominate.com

On Thu, Feb 22, 2001 at 11:16:31AM +0100, Roberto Nibali wrote:
> Stefano Paterni wrote:
> >
> Hi,
>
> > I'm in trouble with real servers running linux kernel 2.4.
> > They respond to arp requests in spite of the linux director, in which way
> > can I stop them from responding to arp requests?
>
> Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> and proceed to setup the hidden devices like for 2.2.x kernels.

For what it is worth I have attached a cleaned up the patch so it will
apply cleanly against 2.4.2.

--
Horms

On Thu, 22 Feb 2001, Horms wrote:

>
> For what it is worth I have attached a cleaned up the patch so it will
> apply cleanly against 2.4.2.
>

It will be included in the ipvs-0.2.5 tar ball soon.

Thanks,

Wensong

Hi, all

the 2.4.2 compile fine with the patch,
but my server answer to ARP, too.

I try:
echo 1 >/proc/sys/net/ipv4/conf/default/hidden
echo 1 >/proc/sys/net/ipv4/conf/all/hidden
echo 1 >/proc/sys/net/ipv4/conf/eth1/hidden
with no errors.

But the ARP reply is send every time.

Have anybody run an real-server with DR and 2.4.x ???

We use 20 web and 15 mysql server with 2.2.x and ipchains
transparent-proxying, and LVS works fine. Now we like to test the 2.4.x
... but what's the way ?

Thanks,

Joachim

Horms wrote:
>
> On Thu, Feb 22, 2001 at 11:16:31AM +0100, Roberto Nibali wrote:
> > Stefano Paterni wrote:
> > >
> > Hi,
> >
> > > I'm in trouble with real servers running linux kernel 2.4.
> > > They respond to arp requests in spite of the linux director, in which way
> > > can I stop them from responding to arp requests?
> >
> > Apply following patch: http://www.linux-vs.org/hidden-2.3.41-1.diff
> > and proceed to setup the hidden devices like for 2.2.x kernels.
>
> For what it is worth I have attached a cleaned up the patch so it will
> apply cleanly against 2.4.2.
>
> --
> Horms
>
> ------------------------------------------------------------------------
>
> hidden-2.4.2-1.diffName: hidden-2.4.2-1.diff
> Type: Plain Text (text/plain)

--
Mit freundlichen Grüßen
Ihr mobile.de Team

Joachim Wolff
Technik - Systemadministration

mobile.de GmbH
Bueschstr. 7 - D-20354 Hamburg
Tel.: +49 (0) 40/43 25 92-0 ; Fax: +49 (0) 40/43 18 23 55
Web: http://www.mobile.de

jwolff wrote:
>

> the 2.4.2 compile fine with the patch,

> But the ARP reply is send every time.

it's in the HOWTO, look for the patches to 2.4 kernels

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-3.html#ss3.2

I admit this is not an obvious location to find this info. I'll put a better
link in the next HOWTO.

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

I'm trying to figure this out. I'm reading in the Howto
(http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-12.html#s
s12.2) about the TP (or Horm's) method.

Will this work with 2.4 kernels or not?
In the howto is says:
"Horms' method requires all real-servers to be Linux 2.2.x machines with IP
masquerading, transparent proxing and IP firewalls turned on. In 2.4.x, TP
is part of the kernel build, there is no TP option."

This isn't clear to me :P
If it means what i think it means, that you don't need to activate those
options for the 2.4 kernel since they are already in, then replace ", there
is no TP option" with ", so TP will work without any modifications to the
kernel" or something like that maybe?
It might be just me that's a bit slow here, but it would be less confusing.

Further down in the instructions for the rc.horms script:
"#2. Real-servers: Must be running 2.2.x kernel."
Well, this is clear, but is it right?

This text is referenced in the arp problem section of the howto under fixes
for 2.4 kernels.

Can someone confirm wether this works or not with 2.4 kernels plese :)

Regards,
Johan Isacsson
MGON

> -----Ursprungligt meddelande-----
> Fran: lvs-users-admin@LinuxVirtualServer.org
> [mailto:lvs-users-admin@LinuxVirtualServer.org]For Joseph Mack
> Skickat: den 6 mars 2001 18:10
> Till: lvs-users@LinuxVirtualServer.org
> Amne: Re: Real server linux 2.4
>
>
> jwolff wrote:
> >
>
> > the 2.4.2 compile fine with the patch,
>
> > But the ARP reply is send every time.
>
> it's in the HOWTO, look for the patches to 2.4 kernels
>
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-
3.html#ss3.2

I admit this is not an obvious location to find this info. I'll put a better
link in the next HOWTO.

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users

Johan Isacsson wrote:
>
> I'm trying to figure this out. I'm reading in the Howto
> (http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-12.html#s
> s12.2) about the TP (or Horm's) method.
>
> Will this work with 2.4 kernels or not?

yes

> In the howto is says:
> "Horms' method requires all real-servers to be Linux 2.2.x machines with IP
> masquerading, transparent proxing and IP firewalls turned on. In 2.4.x, TP
> is part of the kernel build, there is no TP option."
>
> This isn't clear to me :P

yes, I agree, the TP section is terrible, I'm rewriting it as we speak

> If it means what i think it means, that you don't need to activate those
> options for the 2.4 kernel since they are already in,

yes, I've already fixed it.

then replace ", there
> is no TP option" with ", so TP will work without any modifications to the
> kernel" or something like that maybe?
> It might be just me that's a bit slow here, but it would be less confusing.

no, the problem is with the HOWTO. There's not much about 2.4 in the HOWTO yet
and in many places I just talk about the kernel without giving version numbers.
This just means I haven't written a 2.4 section yet and the info refers to the
2.2
kernels.

> Further down in the instructions for the rc.horms script:
> "#2. Real-servers: Must be running 2.2.x kernel."
> Well, this is clear, but is it right?

that's the script for the 2.2.x kernels (I've made that clearer too).

I haven't done transparent proxy for 2.4.x kernels yet, but I believe
the command will be something like

iptables -t nat -A PREROUTING -p tcp -d $VIP --dport $service --sport $service
-j REDIRECT

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

Joseph Mack wrote:
>
> jwolff wrote:
> >
>
> > the 2.4.2 compile fine with the patch,
>
> > But the ARP reply is send every time.
>
> it's in the HOWTO, look for the patches to 2.4 kernels
>
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-3.html#ss3.2

I read it, too. But the patch for 2.4.2 will not prevent the kernel to
answer the ARP, in my case.

Have anybody it running with 2.4.x _AND_ Direct Routing?

By,

Joachim
>
> I admit this is not an obvious location to find this info. I'll put a better
> link in the next HOWTO.
>
> Joe
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

--
Mit freundlichen Grüßen
Ihr mobile.de Team

Joachim Wolff
Technik - Systemadministration

mobile.de GmbH
Bueschstr. 7 - D-20354 Hamburg
Tel.: +49 (0) 40/43 25 92-0 ; Fax: +49 (0) 40/43 18 23 55
Web: http://www.mobile.de

jwolff wrote:
>
> Hi, all
>
> the 2.4.2 compile fine with the patch,
> but my server answer to ARP, too.

If you are accepting packets on VIP on the real-servers by
transparent proxy, then there is no ethernet device on the
real-servers with the VIP and there is no arp problem to
be solved. You do not need to hide the ethernet devices on the
real-server and you don't need to patch the 2.4.x kernel
on the real-servers

> I try:
> echo 1 >/proc/sys/net/ipv4/conf/default/hidden
> echo 1 >/proc/sys/net/ipv4/conf/all/hidden
> echo 1 >/proc/sys/net/ipv4/conf/eth1/hidden
> with no errors.
>
> But the ARP reply is send every time.
>
> Have anybody run an real-server with DR and 2.4.x ???

Yes, I have setup a 2 real-server LVS forwarding telnet by VS-DR,
both real-servers 2.4.1.

The commands on the real-servers to set up TP

echo "1" >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -d $VIP -p tcp --dport telnet -j REDIRECT


> We use 20 web and 15 mysql server with 2.2.x and ipchains
> transparent-proxying, and LVS works fine. Now we like to test the 2.4.x
> ... but what's the way ?

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA