diff options
| author | Julian Anastasov <ja@ssi.bg> | 2013-03-09 16:25:04 -0500 |
|---|---|---|
| committer | Simon Horman <horms@verge.net.au> | 2013-03-19 08:21:51 -0400 |
| commit | 0c12582fbcdea0cbb0dfd224e1c5f9a8428ffa18 (patch) | |
| tree | 04cdcc7982a7bed6f51bb2b8b55ffcf83c1f9e50 /include | |
| parent | cf2e39429c245245db889fffdfbdf3f889a6cb22 (diff) | |
ipvs: add backup_only flag to avoid loops
Dmitry Akindinov is reporting for a problem where SYNs are looping
between the master and backup server when the backup server is used as
real server in DR mode and has IPVS rules to function as director.
Even when the backup function is enabled we continue to forward
traffic and schedule new connections when the current master is using
the backup server as real server. While this is not a problem for NAT,
for DR and TUN method the backup server can not determine if a request
comes from client or from director.
To avoid such loops add new sysctl flag backup_only. It can be needed
for DR/TUN setups that do not need backup and director function at the
same time. When the backup function is enabled we stop any forwarding
and pass the traffic to the local stack (real server mode). The flag
disables the director function when the backup function is enabled.
For setups that enable backup function for some virtual services and
director function for other virtual services there should be another
more complex solution to support DR/TUN mode, may be to assign
per-virtual service syncid value, so that we can differentiate the
requests.
Reported-by: Dmitry Akindinov <dimak@stalker.com>
Tested-by: German Myzovsky <lawyer@sipnet.ru>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/ip_vs.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 68c69d54d392..fce8e6b66d55 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
| @@ -976,6 +976,7 @@ struct netns_ipvs { | |||
| 976 | int sysctl_sync_retries; | 976 | int sysctl_sync_retries; |
| 977 | int sysctl_nat_icmp_send; | 977 | int sysctl_nat_icmp_send; |
| 978 | int sysctl_pmtu_disc; | 978 | int sysctl_pmtu_disc; |
| 979 | int sysctl_backup_only; | ||
| 979 | 980 | ||
| 980 | /* ip_vs_lblc */ | 981 | /* ip_vs_lblc */ |
| 981 | int sysctl_lblc_expiration; | 982 | int sysctl_lblc_expiration; |
| @@ -1067,6 +1068,12 @@ static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs) | |||
| 1067 | return ipvs->sysctl_pmtu_disc; | 1068 | return ipvs->sysctl_pmtu_disc; |
| 1068 | } | 1069 | } |
| 1069 | 1070 | ||
| 1071 | static inline int sysctl_backup_only(struct netns_ipvs *ipvs) | ||
| 1072 | { | ||
| 1073 | return ipvs->sync_state & IP_VS_STATE_BACKUP && | ||
| 1074 | ipvs->sysctl_backup_only; | ||
| 1075 | } | ||
| 1076 | |||
| 1070 | #else | 1077 | #else |
| 1071 | 1078 | ||
| 1072 | static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs) | 1079 | static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs) |
| @@ -1114,6 +1121,11 @@ static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs) | |||
| 1114 | return 1; | 1121 | return 1; |
| 1115 | } | 1122 | } |
| 1116 | 1123 | ||
| 1124 | static inline int sysctl_backup_only(struct netns_ipvs *ipvs) | ||
| 1125 | { | ||
| 1126 | return 0; | ||
| 1127 | } | ||
| 1128 | |||
| 1117 | #endif | 1129 | #endif |
| 1118 | 1130 | ||
| 1119 | /* | 1131 | /* |