From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-server+bounces-2962-garchives=archives.gentoo.org@gentoo.org>)
	id 1IhnyM-00089P-NN
	for garchives@archives.gentoo.org; Tue, 16 Oct 2007 15:04:43 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.1/8.14.0) with SMTP id l9GErmGZ005467;
	Tue, 16 Oct 2007 14:53:48 GMT
Received: from mail.networkmerchants.com (virtual000.networkmerchants.com [216.35.170.80])
	by robin.gentoo.org (8.14.1/8.14.0) with SMTP id l9GEppia003087
	for <gentoo-server@lists.gentoo.org>; Tue, 16 Oct 2007 14:51:51 GMT
Received: (qmail 14893 invoked from network); 16 Oct 2007 14:51:50 -0000
Received: from unknown (HELO ?10.1.10.29?) (76.193.193.209)
  by mail.networkmerchants.com with SMTP; 16 Oct 2007 14:51:50 -0000
Message-ID: <4714D000.1000405@iyd.com>
Date: Tue, 16 Oct 2007 09:51:44 -0500
From: Jeff Rooney <jtrooney@iyd.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
Precedence: bulk
List-Post: <mailto:gentoo-server@lists.gentoo.org>
List-Help: <mailto:gentoo-server+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-server+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-server+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-server.gentoo.org>
X-BeenThere: gentoo-server@gentoo.org
Reply-to: gentoo-server@lists.gentoo.org
MIME-Version: 1.0
To:  gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Disable ARP
References: <4713D7DD.7020300@iyd.com> <4713DC6C.2000006@vanalteren.nl> <4713E595.4090904@iyd.com> <471476EC.2030206@vanalteren.nl>
In-Reply-To: <471476EC.2030206@vanalteren.nl>
Content-Type: multipart/alternative;
 boundary="------------040702050008040703010007"
X-Archives-Salt: f06b8b80-4a02-4ed3-a465-fe28f95e92f1
X-Archives-Hash: aa0784af9c587b0371951e765db5d60f

This is a multi-part message in MIME format.
--------------040702050008040703010007
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Ramon van Alteren wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeff Rooney wrote:
>   
>> Both methods appear to work as I hoped.
>>     
>
> Good.
>
>   
>> Ramon: you where exactly right, I was following some documentation sent
>> over with some load balancers that I am experimenting with. Unfortunatly
>> their tech staff didn't have any real options for us other than blocking
>> the arp responses via ebtables. 
>>     
>
> Mmmm interesting tech support, out of curiosity what loadbalancers are
> you using ?
>   
Currently I am working with the load master series from Kemp 
Technologies. I am also going to be trying Coyote Point as well, we 
still haven't decided which route to take.
>   
>> Not sure why I didn't think about using
>> the dummy interface instead of the loopback...guess its just been that
>> sort of day for me =)
>>     
>
> I have them too (those days), trying to ram the square block through the
> round hole.... In some cases it even works :-)
>
>   
>> Thanks again for your help Ramon and RijilV.
>>     
>
> You're welcome.
> Word of warning: If you lose the noarp option on one of the real-servers
> you will see very weird erratic behaviour which can be hard to debug.
> Depending on the load you push through the loadbalancer the realserver
> which sends an arp will die immediately or slowly whilst generating
> weird bugs in your app.
>
> Best way to check: login with ssh on the vip
>   
Thanks for the heads up...I am actually probably still going to end up 
running ebtables to filter the outbound arp responses from the vip 
addresses just to be safe.

Thanks again.
--
Jeff

--------------040702050008040703010007
Content-Type: text/html; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-15"
 http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Ramon van Alteren wrote:
<blockquote cite="mid:471476EC.2030206@vanalteren.nl" type="cite">
  <pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff Rooney wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Both methods appear to work as I hoped.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
Good.

  </pre>
  <blockquote type="cite">
    <pre wrap="">Ramon: you where exactly right, I was following some documentation sent
over with some load balancers that I am experimenting with. Unfortunatly
their tech staff didn't have any real options for us other than blocking
the arp responses via ebtables. 
    </pre>
  </blockquote>
  <pre wrap=""><!---->
Mmmm interesting tech support, out of curiosity what loadbalancers are
you using ?
  </pre>
</blockquote>
Currently I am working with the load master series from Kemp
Technologies. I am also going to be trying Coyote Point as well, we
still haven't decided which route to take.<br>
<blockquote cite="mid:471476EC.2030206@vanalteren.nl" type="cite">
  <pre wrap="">
  </pre>
  <blockquote type="cite">
    <pre wrap="">Not sure why I didn't think about using
the dummy interface instead of the loopback...guess its just been that
sort of day for me =)
    </pre>
  </blockquote>
  <pre wrap=""><!---->
I have them too (those days), trying to ram the square block through the
round hole.... In some cases it even works :-)

  </pre>
  <blockquote type="cite">
    <pre wrap="">Thanks again for your help Ramon and RijilV.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
You're welcome.
Word of warning: If you lose the noarp option on one of the real-servers
you will see very weird erratic behaviour which can be hard to debug.
Depending on the load you push through the loadbalancer the realserver
which sends an arp will die immediately or slowly whilst generating
weird bugs in your app.

Best way to check: login with ssh on the vip
  </pre>
</blockquote>
Thanks for the heads up...I am actually probably still going to end up
running ebtables to filter the outbound arp responses from the vip
addresses just to be safe.<br>
<br>
Thanks again.<br>
--<br>
Jeff<br>
</body>
</html>

--------------040702050008040703010007--
-- 
gentoo-server@gentoo.org mailing list