
Routing Prerequisites

The LVS routers require Red Hat High Availability Server 1.0 or greater, and the type of routing you choose must be supported by your kernel/module configuration.

Enabling NAT

With NAT routing, packet forwarding, packet defragmenting, and IP masquerading must be enabled on the LVS routers.

Enable packet forwarding. To do this at system boot, make sure the file /etc/sysctl.conf contains the line net.ipv4.ip_forward = 1. To enable packet forwarding without rebooting, as root issue this command:

echo 1 > /proc/sys/net/ipv4/ip_forward
        

Enable packet defragmenting. To do this at system boot, make sure the file /etc/sysctl.conf contains the line net.ipv4.ip_always_defrag = 1. To enable packet defragmenting without rebooting, as root issue this command:

echo 1 > /proc/sys/net/ipv4/ip_always_defrag
        

To enable IP masquerading, issue this command:

ipchains -A forward -j MASQ -s n.n.n.n/type -d 0.0.0.0/0
        

where:

You will probably want to put the ipchains command in an init script (e.g., /etc/rc.d/rc.local), so that masquerading is configured on the LVS routers at system startup.

ipchains is the tool used to create and manage the firewalling rules set in the kernel's TCP stack. Masquerading is a small subset of these rules that allows machines on private IP networks to communicate with the outside world. Using ipchains can have an impact on system security. If you have security concerns, read the ipchains HOWTO (http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html).
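The following script is an added example, not part of the Red Hat manual: it audits copies of /etc/sysctl.conf and the init script for the three NAT prerequisites above, taking the last assignment of a key as the effective one. The sample file contents, the 192.168.1.0/24 network, and the choice to flag a masquerading rule with an unrestricted source are assumptions of this example.

```shell
# Added example: audit the NAT prerequisites on copies of the config files.

# sysctl_value FILE KEY: effective value of KEY; last assignment wins, comments skipped.
sysctl_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# masq_sources FILE: source (-s) of each uncommented MASQ forward rule, "any" if none given.
masq_sources() {
    awk '
        /^[ \t]*#/ { next }
        /ipchains/ && /-A[ \t]+forward/ && /-j[ \t]+MASQ/ {
            src = "any"
            for (i = 1; i < NF; i++) if ($i == "-s") src = $(i + 1)
            print src
        }
    ' "$1"
}

# audit_nat SYSCTL_CONF INIT_SCRIPT: print findings; return 0 only if every check passes.
audit_nat() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv4.ip_always_defrag; do
        [ "$(sysctl_value "$1" "$key")" = "1" ] || { echo "MISSING: $key = 1 in $1"; rc=1; }
    done
    srcs=$(masq_sources "$2")
    [ -n "$srcs" ] || { echo "MISSING: ipchains MASQ rule in $2"; rc=1; }
    for s in $srcs; do
        case "$s" in   # assumption of this example: an unrestricted source is a finding
            0.0.0.0/0|0/0|any) echo "WIDE: MASQ rule matches any source ($s)"; rc=1 ;;
        esac
    done
    return $rc
}
# Constructed sample files (not from a real host): forwarding set twice, defrag line absent.
d=$(mktemp -d)
printf '%s\n' '# sample' 'net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward=1' > "$d/sysctl.conf"
printf '%s\n' 'ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0' > "$d/rc.local"
audit_nat "$d/sysctl.conf" "$d/rc.local" || echo "audit: prerequisites not met"
```

On the sample files the audit reports only the missing net.ipv4.ip_always_defrag line; the second ip_forward assignment overrides the first, so forwarding counts as enabled.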

Enabling IP Encapsulation

On each real server, establish a tunnel between it and each virtual server address. For example, these commands establish two tunnels (tunl0 and tunl1) to two virtual server addresses (1.2.3.1 and 1.2.3.2):

ifconfig tunl0 1.2.3.1 up
ifconfig tunl1 1.2.3.2 up
          

To prevent real servers, rather than the active router, from intercepting ARP broadcasts, you also need to hide tunnels from ARP broadcasts. For example, these commands hide tunnels tunl0 and tunl1:

echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden
echo 1 > /proc/sys/net/ipv4/conf/tunl1/hidden
        

Enabling Direct Routing

On each real server, enable a route to each virtual server address. For example, the following command aliases virtual server 1.2.3.1 to adapter eth0:

ifconfig eth0:0 1.2.3.1 up
        

You also need to hide virtual server routes from ARP broadcasts. For example, these commands hide any virtual server addresses on device eth0:

echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth0/hidden