While there are many advantages to using direct routing in LVS, there are limitations as well.
The most common issue with LVS via direct routing is with Address Resolution Protocol (ARP).
In typical situations, a client on the Internet sends a request to an IP address. Network routers
typically send requests to their destination by relating IP addresses to a machine's MAC
address with ARP. ARP requests are broadcast to all connected machines on a network, and
the machine with the correct IP/MAC address combination receives the packet. The IP/MAC
associations are stored in an ARP cache, which is cleared periodically (usually every 15
minutes) and refilled with IP/MAC associations.
The issue with ARP requests in a direct routing LVS setup is that because a client request to an
IP address must be associated with a MAC address for the request to be handled, the virtual IP
address of the LVS system must also be associated to a MAC as well. However, since both the
LVS router and the real servers all have the same VIP, the ARP request will be broadcast to
all the machines associated with the VIP. This can cause several problems, such as the VIP
being associated directly to one of the real servers and processing requests directly, bypassing
the LVS router completely and defeating the purpose of the LVS setup.
To solve this issue, ensure that the incoming requests are always sent to the LVS router rather
than one of the real servers. This can be done by using either the arptables_jf or the iptables
packet filtering tool for the following reasons:
• The arptables_jf method prevents ARP from associating VIPs with real servers.
• The iptables method completely sidesteps the ARP problem by not configuring VIPs on real
servers in the first place.
For more information on using arptables or iptables in a direct routing LVS environment,
refer to Section 2.1, "Direct Routing and arptables_jf" or Section 2.2, "Direct Routing and
iptables".
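As an added example (not part of the manual), a small POSIX shell helper that emits the real-server rules for the two workarounds named above: the arptables_jf rules that drop ARP for the VIP and rewrite the source address in the real server's own ARP output, and the iptables REDIRECT rule used when the VIP is not configured on the real server at all. The VIP 192.0.2.10, real server 192.0.2.21, port 80 and the function names are assumptions constructed for this example; the rule syntax follows the arptables_jf and iptables methods described in the sections cited above.

```shell
#!/bin/sh
# Emit (or apply) the per-real-server rules for the two LVS direct-routing
# ARP workarounds.  Addresses and port are constructed values for this example.
#
# "arptables": the VIP is configured on the real server, so arptables_jf must
#   stop it from answering ARP requests for the VIP (IN chain) and from using
#   the VIP as the sender address in its own ARP traffic (OUT chain).
# "iptables": the VIP is NOT configured on the real server; frames the director
#   forwards for the VIP are redirected to the local service, so there is
#   never an ARP entry that could point a client at a real server.
lvs_dr_rules() {
    method=$1; vip=$2; rip=$3; port=$4
    case "$method" in
        arptables)
            printf '%s\n' "arptables -A IN -d $vip -j DROP"
            printf '%s\n' "arptables -A OUT -s $vip -j mangle --mangle-ip-s $rip"
            ;;
        iptables)
            printf '%s\n' "iptables -t nat -A PREROUTING -p tcp -d $vip --dport $port -j REDIRECT"
            ;;
        *)
            echo "unknown method: $method (use arptables or iptables)" >&2
            return 1
            ;;
    esac
}

# Print the rules for review by default; apply them only when LVS_APPLY=1.
lvs_dr_apply() {
    lvs_dr_rules "$@" | while IFS= read -r rule; do
        if [ "${LVS_APPLY:-0}" = 1 ]; then
            eval "$rule" || exit 1      # run as root on the real server
        else
            echo "[dry-run] $rule"
        fi
    done
}

# Example invocation (dry run): real server 192.0.2.21 serving VIP 192.0.2.10:80
lvs_dr_apply arptables 192.0.2.10 192.0.2.21 80
```

Run the arptables variant on every real server that carries the VIP, and the iptables variant only on real servers that do not; mixing the two on one host defeats both.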
5. Persistence and Firewall Marks
In certain situations, it may be desirable for a client to reconnect repeatedly to the same real
server, rather than have an LVS load balancing algorithm send that request to the best available
server. Examples of such situations include multi-screen web forms, cookies, SSL, and FTP
connections. In these cases, a client may not work properly unless the transactions are being
handled by the same server to retain context. LVS provides two different features to handle this:
persistence and firewall marks.
5.1. Persistence
When enabled, persistence acts like a timer. When a client connects to a service, LVS
remembers the last connection for a specified period of time. If that same client IP address
connects again within that period, it is sent to the same server it connected to previously —
bypassing the load-balancing mechanisms. When a connection occurs outside the time window,