CLUSTERIP and ProxyARP?

CLUSTERIP and ProxyARP?

[Tobias DiPasquale]

Hi all,

Does anyone know if ipt_CLUSTERIP and ProxyARP will work correctly
together on a current Linux kernel? Anything special to watch out for?
TIA :)

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

Re: CLUSTERIP and ProxyARP?

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1040 bytes --]

On Thu, Jun 23, 2005 at 06:36:08PM -0400, Tobias DiPasquale wrote:
> Hi all,
> 
> Does anyone know if ipt_CLUSTERIP and ProxyARP will work correctly
> together on a current Linux kernel? Anything special to watch out for?
> TIA :)

1. all current linux kernel up to (and including 2.6.12) has a CLUSTERIP bug
   anyway
2. I didn't think about interoperability with  proxyarp when
   implementing CLUSTERIP.  In fact, CLUSTERIP is meant to run on
   end-hosts (Such as webservers), not on gateways.

CLUSTERIP mangles ARP requests (and replies) from/to the CLUSTER IP
address.  So if you are proxy-ARP'ing for different IP addresses, it
_should_ work.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: CLUSTERIP and ProxyARP?

[Tobias DiPasquale]

On 6/27/05, Harald Welte <laforge@netfilter.org> wrote:
> On Thu, Jun 23, 2005 at 06:36:08PM -0400, Tobias DiPasquale wrote:
> > Hi all,
> >
> > Does anyone know if ipt_CLUSTERIP and ProxyARP will work correctly
> > together on a current Linux kernel? Anything special to watch out for?
> > TIA :)
> 
> 1. all current linux kernel up to (and including 2.6.12) has a CLUSTERIP bug
>    anyway

What bug? Was it mentioned on this list earlier? I don't remember seeing it...

> 2. I didn't think about interoperability with  proxyarp when
>    implementing CLUSTERIP.  In fact, CLUSTERIP is meant to run on
>    end-hosts (Such as webservers), not on gateways.
> 
> CLUSTERIP mangles ARP requests (and replies) from/to the CLUSTER IP
> address.  So if you are proxy-ARP'ing for different IP addresses, it
> _should_ work.

I'm going to test it out today. I will let the list know the results. Thanks.

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

Re: CLUSTERIP and ProxyARP?

[Tobias DiPasquale]

On 6/27/05, Tobias DiPasquale <codeslinger@gmail.com> wrote:
> On 6/27/05, Harald Welte <laforge@netfilter.org> wrote:
> > 1. all current linux kernel up to (and including 2.6.12) has a CLUSTERIP bug
> >    anyway
> 
> What bug? Was it mentioned on this list earlier? I don't remember seeing it...

Were you referring to the fact that, without a patch from earlier on
this list (from Alex somebody?), CLUSTERIP won't mangle ARP requests?
I can see that this patch didn't make it into 2.6.12.

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

Re: CLUSTERIP and ProxyARP?

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1004 bytes --]

On Mon, Jun 27, 2005 at 07:11:24AM -0400, Tobias DiPasquale wrote:
> On 6/27/05, Tobias DiPasquale <codeslinger@gmail.com> wrote:
> > On 6/27/05, Harald Welte <laforge@netfilter.org> wrote:
> > > 1. all current linux kernel up to (and including 2.6.12) has a CLUSTERIP bug
> > >    anyway
> > 
> > What bug? Was it mentioned on this list earlier? I don't remember seeing it...
> 
> Were you referring to the fact that, without a patch from earlier on
> this list (from Alex somebody?), CLUSTERIP won't mangle ARP requests?
> I can see that this patch didn't make it into 2.6.12.

yes, that's the bug i'm referring to.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

CLUSTERIP and ProxyARP?

[Tobias DiPasquale]

Hi all,

Does anyone know if ipt_CLUSTERIP and ProxyARP will work correctly
together on a current Linux kernel? Anything special to watch out for?
TIA :)

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d