Date: Mon, 19 Sep 2005 08:49:28 +0200
From: Peter van Dijk
To: freebsd-net@freebsd.org
Subject: Re: ARP behavior in FreeBSD vs Linux
Message-ID: <20050919064927.GB17888@dataloss.nl>
In-Reply-To: <432E23A2.8000801@in-addr.com>

On Mon, Sep 19, 2005 at 03:34:10AM +0100, Gary Palmer wrote:
> There is another side effect, which comes into view with certain
> configurations behind load balancers. Foundry has an option (I believe
> called "DSR" for Direct Server Return) which just fiddles with the MAC
> address of the destination. Other companies' load balancers will
> probably have the same option, but I've no idea what they'll call it.

Linux Virtual Server calls it 'DR' for Direct Routing. I like this
feature a lot as it means our loadbalancer is basically idle :)

> connection and life is happy. The return path from the host to the
> originator bypasses the load balancer, and effectively halves the
> traffic that the LB is having to process and do table lookups on, etc.
> This obviously greatly increases the available capacity of the LB.

All true; except in most cases the win is much more than 50%.. compare
HTTP request size (<1KB) to HTTP response size (often >50KB) :)

> With a Linux box answering ARP as described above, it is possible that
> the upstream router (or routers) COULD learn that the load balanced IP
> actually belongs on one of the servers rather than the load balancer.
> If that happens, your load balanced farm will quickly degrade and you'll
> be scratching your head for hours to try and figure out what's going on.
> Or the LB and the Linux box will get into an ARP war and random TCP
> connections will get RSTs from the Linux box.

In setting up such a configuration, making sure the backend hosts do
not respond to ARP is always important; I've seen people assign the
frontend IP to normal ethernet interfaces on FreeBSD boxes and wonder
why it didn't work..

On FreeBSD, we solve this issue by assigning the IPs to lo0. For Linux,
this approach works equally well and is what the Linux Virtual Server
documentation recommends.

So, unless you have a weird policy of assigning these IPs to -other-
Ethernet interfaces, there is no problem on FreeBSD nor Linux :)

Cheers, Peter
-- 
peter@dataloss.nl        | ~ tonight tonight, what is this potion
http://blog.dataloss.nl/ | ~ that makes a fool of me
UnderNet/#clue           | Wayfinder, fr-025 soundtrack
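
The check the message describes (the frontend IP belongs on lo0, not on an Ethernet interface of a backend host) can be automated. The script below is an added example, not part of the original message or of any project mentioned in it; the VIP 192.0.2.10, the interface name em0 and the function names are assumptions, and the `ifconfig` text is a constructed sample in FreeBSD's output format.

```shell
#!/bin/sh
# Audit a DSR/DR real server: the VIP should sit on lo0, not on an
# Ethernet interface. Input is FreeBSD-style `ifconfig -a` text on stdin.

# Constructed samples; 192.0.2.10 is an assumed VIP, em0 an assumed NIC.
SAMPLE_OK='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.21 netmask 0xffffff00 broadcast 10.0.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet 192.0.2.10 netmask 0xffffffff'
SAMPLE_BAD='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.21 netmask 0xffffff00 broadcast 10.0.0.255
        inet 192.0.2.10 netmask 0xffffffff broadcast 192.0.2.10
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Print every interface that carries IPv4 address $1.
vip_ifaces() {
    awk -v vip="$1" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        $1 == "inet" && $2 == vip { print iface }
    '
}

# Exit status: 0 = VIP only on loopback, 1 = VIP on a non-loopback
# interface (where the host answers ARP for it), 2 = VIP not configured.
audit_vip() {
    ifaces=$(vip_ifaces "$1")
    [ -n "$ifaces" ] || { echo "MISSING: $1 is not configured"; return 2; }
    status=0
    for i in $ifaces; do
        case $i in
            lo[0-9]*) echo "OK: $1 on $i" ;;
            *) echo "ARP-VISIBLE: $1 on $i"; status=1 ;;
        esac
    done
    return $status
}

# Demo on the constructed samples. On a real host:
#   ifconfig -a | audit_vip <VIP>
printf '%s\n' "$SAMPLE_OK"  | audit_vip 192.0.2.10 || true
printf '%s\n' "$SAMPLE_BAD" | audit_vip 192.0.2.10 || true
```

A non-zero exit status makes the function usable as a gate in provisioning or monitoring scripts for the backend farm.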