Re: [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers are removed

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Simon Horman <horms@verge.net.au>
Cc: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>,
	David Miller <davem@davemloft.net>,
	netdev@vger.kernel.org, Julian Anastasov <ja@ssi.bg>
Subject: Re: [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers are removed
Date: Tue, 15 May 2007 18:11:35 +0200	[thread overview]
Message-ID: <4649DBB7.3070608@trash.net> (raw)
In-Reply-To: <20070515052608.GG13708@verge.net.au>

Simon Horman wrote:
> On Mon, May 14, 2007 at 07:41:48PM +0200, Patrick McHardy wrote:
> 
>>So you're adding a local route for non-local destination and the
>>address selection in icmp_send() uses the original destination
>>address as source because the route has RTCF_LOCAL set, resulting
>>in an error in ip_route_output_slow().
> 
> 
> I'm not entirely sure that "adding a local route" is the right
> terminology, but then again, perhaps I'm missunderstanding exactly
> what that means.

It means adding a route to the local table, which causes the
resulting dst_entry to be marked with RTCF_LOCAL.

> My undersanding of the problem is that IPVS likes to send icmp to notify
> end-users when real-servers are down. The source ip of such icmp is the
> VIP, that is the IP address associated with the virtual service.
> However, it is quite valid for this VIP not to be configured on the
> machine that is running IPVS. Thus the machine in question wants to send
> icmp packets with a non-local source address.
> 
> http://archive.linuxvirtualserver.org/html/lvs-users/2007-01/msg00109.html
> 
> I think that your patch looks good, assuming that inet_addr_type(VIP)
> is going to return RTN_LOCAL (except in the unlikely case that VIP is
> multicast or something silly like that.

I'm not familiar with the IPVS terms, but as far as I understand,
it is _not_ going to return RTN_LOCAL, so we get the desired
behaviour of selecting a local address as source.

> However, I wonder if efficiency or safety reasons it might
> be better for IPVS to pass some sort of OK_ITS_SUPPSED_TO_BE_NON_LOCAL
> flag into ip_route(). 
> 
> Just a thought.

I'm not too thrilled about adding a route flag when it really is
ICMP address selection that is the problem here.

The patch should be completely safe since multicast and broadcast
packets are already filtered out earlier and the RTN_LOCAL test
matches exactly what ip_route_output_slow does.

next prev parent reply	other threads:[~2007-05-15 16:12 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <200704271705.l3RH5Brw026873@hera.kernel.org>
2007-05-14 10:21 ` [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers are removed Patrick McHardy
2007-05-14 10:35   ` David Miller
2007-05-14 14:25     ` Janusz Krzysztofik
2007-05-14 14:32       ` Patrick McHardy
2007-05-14 15:49         ` Janusz Krzysztofik
2007-05-14 17:41           ` Patrick McHardy
2007-05-15  5:26             ` Simon Horman
2007-05-15  9:46               ` Janusz Krzysztofik
2007-05-15 16:11               ` Patrick McHardy [this message]
2007-05-15 23:41                 ` Julian Anastasov
2007-05-17 11:25                   ` Janusz Krzysztofik
2007-05-17 16:41                     ` Patrick McHardy
2007-05-17 16:40                   ` Patrick McHardy
2007-05-17 20:51                     ` David Miller
2007-05-18  1:06                     ` Simon Horman
2007-05-18  8:40                     ` Julian Anastasov
2007-05-18  9:05                       ` David Miller
2007-05-30  9:38                         ` KOVACS Krisztian
2007-05-31  0:21                           ` Julian Anastasov
2007-05-31 12:50                             ` KOVACS Krisztian
2007-05-31 23:18                               ` Julian Anastasov
2007-06-01 12:55                                 ` KOVACS Krisztian
2007-06-20 10:57                                 ` Balazs Scheidler
2007-06-21  7:56                                   ` Julian Anastasov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4649DBB7.3070608@trash.net \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=horms@verge.net.au \
    --cc=ja@ssi.bg \
    --cc=jkrzyszt@tis.icnet.pl \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).