Monitoring/check rp filter disabled

From Wikitech

Check rp_filter disabled is an Icinga check running on LVS servers via NRPE.

It is defined in modules/profile/manifests/lvs.pp.

It checks if rp filter is disabled in sysctl. The plugin it uses is /usr/lib/nagios/plugins/check_sysctl.

LVS servers require this setting in order to do their primary job of asymmetrically forwarding traffic.

"rp_filter" stands for "Reverse path filtering".

"when a machine with reverse path filtering enabled recieves a packet, the machine will first check whether the source of the recived packet is reachable through the interface it came in.

If it is routable through the interface which it came, then the machine will accept the packet If it is not routable through the interface, which it came, then the machine will drop that packet."


The command is executed on the LVS hosts and you can find the full command line in /etc/nagios/nrpe.d# view check_check_rp_filter_disabled.cfg.

Why has this been added

The reason this check has been added is described Incident_documentation/20140203-LVS, which it was a follow-up for.

What to do