IBM Support

Loopback Aliasing Alternatives when using MAC Forwarding for WebSphere Edge Load Balancer on Linux

Technote (troubleshooting)


Problem (Abstract)

When using the MAC forwarding method for Load Balancer on Linux,
the Linux system behavior must be altered to make it compatible.

If the back-end servers (cluster members) are hosted on Linux, then they must be configured for ARP suppression or to NAT the incoming packets when using the MAC forwarding method for Load Balancer.

There are several different solutions, but they may require the additional configuration steps shown below.

Symptom

All cluster traffic might be directed to a single back-end server in an indeterminate manner.


Cause

Why is configuring MAC forwarding for WebSphere Edge Load Balancer different on Linux?

The Linux operating system employs a host-based model of advertising hardware addresses to IP addresses using Address Resolution Protocol (ARP).

This model is incompatible with the back-end server or collocated server requirements for the Media Access Control (MAC) forwarding method with Load Balancer.

The Linux operating system issues an ARP response for any IP address that is configured on the machine for any interface that is present on the machine.

For any ARP who-has queries, the Linux operating system chooses a source IP address from the IP addresses that are present on the machine, regardless of the interfaces on which those addresses are configured.

When using the MAC forwarding method with WebSphere Edge Load Balancer, you must ensure that cluster-addressed traffic can be accepted by the stacks of the back-end servers.

In a non-Linux environment, this is typically done by adding the Cluster IP to the loopback device on the back-end servers as shown below:



This requirement also includes the Collocated High Availability Standby machine when both High Availability and Collocation are in use.

This is because a Standby Load Balancer machine with a cluster member collocated is essentially a back-end server while it is not the Active Load Balancer.

In a non-Linux environment, this is typically done by adding the Cluster IP to the loopback device on the Standby Load Balancer in the goStandby script:



In a Linux environment, the Linux operating system broadcasts ownership of every IP address that is configured on a back-end machine, including the IP address for the cluster that is aliased on the Loopback device.

Therefore, all cluster traffic might be directed to a single server in an indeterminate manner.


Resolving the problem

Review your specific operating system manual if these commands do not appear to function as expected. Review this material if using Load Balancer with zLinux.


To configure the Linux operating system for MAC forwarding, you need to make the following changes:

  1. Ensure the kernel does not advertise addresses on the loopback interface:
    Enter the following sysctl command to prepare the operating system to accept packets addressed to the cluster addresses aliased on the loopback interface:

    # sysctl -w net.ipv4.conf.all.arp_ignore=3 net.ipv4.conf.all.arp_announce=2
    Note:
    Add the sysctl commands to /etc/sysctl.conf to retain settings when the machine is rebooted.
  2. Configure the operating system to allow the server to send responses back to the client using the cluster address:

    # sysctl -w  net.ipv4.conf.all.rp_filter=0
    Note:
    Add the sysctl commands to /etc/sysctl.conf to retain settings when the machine is rebooted.
  3. Alias the cluster addresses to the loopback interface using one of the following commands:

    # ifconfig lo:1 $CLUSTER_ADDRESS netmask 255.255.255.255 up
    or
    # ip addr add $CLUSTER_ADDRESS/32 scope host dev lo
    Note: Add the cluster address to the /etc/sysconfig/network-scripts/ifcfg-lo file to retain settings when the machine is rebooted:

     DEVICE=lo
     IPADDR=127.0.0.1
     NETMASK=255.0.0.0
     NETWORK=127.0.0.0
     IPADDR2=$CLUSTER_ADDRESS
     NETMASK2=255.255.255.255

High Availability Collocation Notes for this method:

Collocated servers, that is, servers located on the same machine as a load balancer, are not recommended. The collocated server and the load balancer compete for resources, which may degrade performance and response time. However, where such a configuration is used together with high availability, the goActive and goStandby scripts should perform the necessary configuration steps to move the configuration from a collocated setup to a standalone setup and vice versa.

For the Load Balancer for IPv4 version:
The goActive script must remove the cluster from the loopback and add it to the Ethernet interface:

ip addr del $CLUSTER_ADDRESS/32 scope host dev lo
ifconfig $INTERFACE $CLUSTER netmask $NETMASK up

The goStandby script must remove the cluster from the Ethernet interface and add it to the loopback interface:

ifconfig $INTERFACE down
ip addr add $CLUSTER_ADDRESS/32 scope host dev lo

Note: The ARP suppression and reverse path filtering settings should remain set regardless of the load balancer state.


Troubleshooting:
Here are some commands that may be helpful to see your current settings.
  • You can check your system settings by issuing:

    # sysctl net.ipv4.conf.all.arp_ignore
    # sysctl net.ipv4.conf.all.arp_announce
    # sysctl net.ipv4.conf.all.rp_filter


  • You can check your loopback and interface settings by issuing:

    # ifconfig -a

  • You can check your ip addr settings by issuing:

    # ip addr show

  • Verify connections are not being redirected by your iptables settings:

    Issue the following command to determine if iptables are loaded:

    # lsmod | grep ip_tables

    The output from the preceding command might be similar to this:

    ip_tables         22400   3 iptable_mangle,iptable_nat,iptable_filter

    Issue the following command for each iptable listed in the output to display the rules for the tables:

    # iptables -t <short name> -L

    For example:

    # iptables -t mangle -L
    # iptables -t nat    -L
    # iptables -t filter -L

  • You can check your sysctl contents by issuing:

    # cat /etc/sysctl.conf
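
The checks above read only the `all` entries. As an added example (not part of the IBM technote or IBM code), this script audits the values actually in effect on one interface, relying on the kernel's documented rule that the applied value is the maximum of the `all` and per-interface entries. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code). Kernel rule from the ip-sysctl documentation:
# on each interface the value applied for arp_ignore, arp_announce and
# rp_filter is max(conf.all.<key>, conf.<iface>.<key>).
# Note: rp_filter=0 turns off reverse-path source validation on that interface.

# effective_setting FILE IFACE KEY: print the value in effect on IFACE.
# FILE holds lines in `sysctl -a` / sysctl.conf format ("key = value").
effective_setting() {
    awk -v all="net.ipv4.conf.all.$3" -v ifc="net.ipv4.conf.$2.$3" '
        /^[[:space:]]*[#;]/ { next }           # skip comment lines
        {
            split($0, kv, "=")
            gsub(/[[:space:]]/, "", kv[1]); gsub(/[[:space:]]/, "", kv[2])
            if (kv[1] == all) a = kv[2] + 0    # last assignment wins
            if (kv[1] == ifc) i = kv[2] + 0
        }
        END { print (a + 0 > i + 0 ? a + 0 : i + 0) }
    ' "$1"
}

# audit_mac_forwarding FILE IFACE: print one line per deviation from the
# technote values; exit status is 0 only when all three match.
audit_mac_forwarding() {
    rc=0
    for want in arp_ignore=3 arp_announce=2 rp_filter=0; do
        key=${want%%=*}; val=${want#*=}
        got=$(effective_setting "$1" "$2" "$key")
        if [ "$got" -ne "$val" ]; then
            echo "$2: effective $key=$got, technote expects $val"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample, not captured from a real host: the "all" values follow
# the technote, but eth0 still carries a per-interface rp_filter=1.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
net.ipv4.conf.all.arp_ignore = 3
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 0
EOF
audit_mac_forwarding "$SAMPLE" eth0 || true
audit_mac_forwarding "$SAMPLE" eth1 && echo "eth1: settings match the technote"
```

On a live host, save the output of `sysctl -a` to a file and pass that file in place of the sample.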

Cross reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | WebSphere Edge Server | Load Balancer | Linux | 6.1, 6.0, 5.1 |
Application Servers | Runtimes for Java Technology | Java SDK | | |

Historical Number

207567

Document information

More support for: WebSphere Application Server
Edge Component

Software version: 7.0, 8.0, 8.5, 8.5.5, 9.0

Operating system(s): Linux

Software edition: Network Deployment

Reference #: 1177105

Modified date: 16 August 2004