hiding arp for server farms

From: Adrian Daminato (adrian@tucows.com)
Date: Wed Nov 28 2001 - 12:45:40 EST


Okay, I've seen similar posts to this, but none of them provide a solution that
I can use.

I'm running several 2.2 machines behind a Radware load balancer, which uses
something called "local triangulation". Basically the Radware responds to ARP
requests for the IP of the farm, passes the packet to one of the servers, and
the server responds directly to the client. Each server has an aliased
interface on the loopback for the IP of the farm, and
/proc/sys/net/ipv4/conf/all/hidden and lo/hidden are set to 1. That works,
great, no problems.

Now, introduce an unpatched 2.4.x kernel. The hidden option no longer exists,
and for ease of operating a production environment, we prefer to use stock
kernels straight from kernel.org, no patches at all. I've tried many different
suggestion from the list:

1) ifconfig eth0 -arp
    We have over 60 servers on the subnet these farms are on, and they need to
be able to communicate with each other. When I do this, I can't talk to other
servers on the network, and keeping an /etc/ethers file up to date is a daunting
task, and not practical.

2) arp_filter
    I tried using it in a couple of ways, but there doesn't appear to be very
good documentation. I was hoping this would provide the same functionality of
the hidden in the 2.2 kernels for our current setup, but it doesn't appear to

3) I even tried adding the 'hidden' patch available, to put the hidden
functionality back in the 2.4.x kernel (currently I'm testing using a 2.4.9
kernel). It doesn't appear to work properly either, hosts on the local network
can't ping the server farm, and hosts outside the network although able to ping
the server farm, cannot ping the real IP of the host. It's kind of a weird
problem.

Is there any way to have this work on an unpatched 2.4.x kernel? Any
documentation/examples for arp_filter, how it works, how it can be implemented
for this?

Any help would be appreciated. Thanks.

-- 
Adrian Daminato 
Tucows International Corp.
http://www.tucows.com
Tel: (416) 535-0123
Fax: (416) 531-5584

Beauty awakens the soul to act. - Dante - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Fri Nov 30 2001 - 21:00:31 EST