Re: IPVS Benchmarking

To:	Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: IPVS Benchmarking
Cc:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From:	Horms <horms@xxxxxxxxxxxx>
Date:	Tue, 11 Jan 2000 09:38:35 -0800

On Tue, Jan 11, 2000 at 01:46:45PM +0200, Julian Anastasov wrote:
> 
>       Hi Lars, Horms,
> 
> On Tue, 11 Jan 2000, Lars Marowsky-Bree wrote:
> 
> > On 2000-01-11T08:18:05,
> >    Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx> said:
> > 
> > >   Someone can test it disabling source validation in the Director
> > > (eth1):
> > > 
> > > echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> > 
> > I can't check it right now, but I seem to recall this didn't fix it. 
> > rp_filter
> > is disabled by default anyway.
> 
>       There is one big difference which must be tested (the config with 
> two eths):
> 
> - The VIP is configured on eth0
> - Director is talking to real servers through eth1
> - Director is talking to the world through eth0
> - eth1 is configured with rp_filter=0
> 
>       So, my question is:
> 
>       Horms,
> 
>       are you using 2 eth cards ?

Yes, I have the real servers connected via eth1 and the
clients talking via eth2.

>       If Yes,
> 
>       are you using rp_filter=1 (all/rp_filter=1, */rp_filter=1) ?

I checked this out all/rp_filter=0, */rp_filter=2

>       If Yes, is the Directors default gw reachable through eth0 ?

In this case eth2, yes.

>       If Yes, Please try to set eth1/rp_filter=0

As this was already set I tried setting eth2 (interface to clients)
eth2/rp_filter=1, which made no difference.

>       The difference is that we disable source checking for eth1 but the
> outgoing packet is routed through eth0. This is not tested but the source
> validation must fail in this case and the packet must be forwarded
> successfully.
> 
>       Of course, ip_forward must be 1.

Of course.

>       For Director with 1 eth this is not working, i.e. rp_filter can't
> help. But this is only assumption looking in the kernel sources and it
> must be tested.

Unfortunately it doesn't seem to have helped. The VIP is an IP alias,
I have tried putting this on both eth1 (server side interface)
and eth2 (client side interface). Looking at tcp dumps the 
return packet is seen by the IPVS box on the server side
but not forwarded to the clients side, so the assumption that
the packet is being dropped for some reason appears to be correct.

-- 
Horms

----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread]	Current Thread	[Next in Thread>
Re: IPVS Benchmarking, (continued) Re: IPVS Benchmarking, Joseph Mack Re: IPVS Benchmarking, Ray Bellis Re: IPVS Benchmarking, Joseph Mack [lvs-users] VS-NAT on one net (was: IPVS Benchmarking), Joseph Mack RE: [lvs-users] VS-NAT on one net (was: IPVS Benchmarking), Ray Bellis RE: [lvs-users] VS-NAT on one net (was: IPVS Benchmarking), Joseph Mack Re: IPVS Benchmarking, Joseph Mack Re: IPVS Benchmarking, Julian Anastasov Re: IPVS Benchmarking, Lars Marowsky-Bree Re: IPVS Benchmarking, Julian Anastasov Re: IPVS Benchmarking, Horms <= Re: IPVS Benchmarking, Julian Anastasov Re: IPVS Benchmarking, Horms Re: IPVS Benchmarking, Julian Anastasov Re: IPVS Benchmarking, Lars Marowsky-Bree Re: IPVS Benchmarking, Julian Anastasov Horm's method (REDIRECT), Joseph Mack Re: Horm's method (REDIRECT), Julian Anastasov Re: Horm's method (REDIRECT), Joseph Mack Re: Horm's method (REDIRECT), Julian Anastasov Re: Horm's method (REDIRECT), Joseph Mack

Previous by Date:	Virtual server -NAT not working, Sandeep Tambe
Next by Date:	Re: IPVS Benchmarking, Julian Anastasov
Previous by Thread:	Re: IPVS Benchmarking, Julian Anastasov
Next by Thread:	Re: IPVS Benchmarking, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]