Ah I see. The ideal solution would be to have a similar setup on both servers because any of these servers could fail-over, so the dynamic setup/modifications would be more complex in a fail-over con
Hello, You do not need REDIRECT rule on the director, use masquerading method for the local RIP1 and DR method for RIP2. Use REDIRECT on real server 2. For example: ipvsadm -a -f 100 -r 172.17.0.16:5
Thanks Julian this helps me understand it a lot better. Are you suggesting using masquerading method? That isn't an ideal option for me unless of course it is the only option. To see how much further
Hello, The debug output was very helpful. Looks like -j REDIRECT combined with DR is a bad idea. When packet comes to IPVS the daddr is already 172.17.0.16, see the "v:172.17.0.16" line below: The re
Apologies, the debug output showing port 50130 should be 50000 ex: IPVS: lookup/in TCP 172.17.0.24:*50130*->172.17.0.2:42816 not hit should be: IPVS: lookup/in TCP 172.17.0.24:*50000*->172.17.0.2:428
Certainly and that makes sense, I will consolidate what I've emailed before with the additional information here. client box. There are 3 boxes total, client box, director/RIP1( real server 1) and RI
Hello, ... When LocalNode (local RIP) is used, we can see the local reply in LOCAL_OUT hook. It happens for NAT but also for DR. So, it is normal. But we see these replies after DNAT in LOCAL_OUT, se
Just to clarify the packets are going to the loopback of node 1, when they should be going to node 2. This is shown in the tcpdump output: Here is the output from the lo device of the first node: 02:
I spoke too soon about this configuration working, the output of ipvsadm led me to believe connections and packets were being load balanced, however they are now all coming from the real server which
Thanks again Julian that is very helpful information. And so far enabling IPVS nf conntrack has no adverse effect on performance after looking at the information you provided.
Hello, cat /proc/slabinfo | grep nf_conntrack or 'slabtop' can show the object size used by conntracks. It should be 240+ bytes. You can expect one conntrack per IPVS connection. You can also see con
Thanks Julian! After enabling CONFIG_IP_VS_NFCT and setting conntrack to 1 that resolved the problem. However, how leery should I be with it consuming memory? Is there a test to monitor this consumpt
Hello, VIPs are always on director. You mean RIP 172.17.0.16 and VIP 172.17.0.24 are on same box? Then there are 2 cases: local and non-local client? Only the masq forwarding method can change daddr
Thanks! I also saw this discussion which seemed a bit closer, but I'm unfamiliar with policy routing: http://archive.linuxvirtualserver.org/html/lvs-users/2003-10/msg00034.html Jacoby On Fri, Jan 17,
Jacoby, iptables will work on a different physical server, but does not work on the director node; this is due to the way that LVS interacts with netfilter. More discussion here.... http://www.austint
Thanks Malcolm for the response. That is how it is set up, the real server is the same as the director node for one of the nodes. Even if connecting to only the primary node while all others are offli
Jacoby, You could put the iptables rules on each real server instead? (which would do the same trick.) LVS is on the INPUT chain so its very hard to use iptables rules like this on the director node.
I've searched Google and this mailing list but haven't quite seen the same configuration and/or setup as mine. The VIP is on the same box as the director and RIP 172.17.0.16. This setup works fine wh