
Re: making apache play nice.

To: Michael Sparks <michael.sparks@xxxxxxxxx>
Subject: Re: making apache play nice.
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, loul@xxxxxxxx, Mike Jurney <mikej@xxxxxxxxxx>
From: tc lewis <tim@xxxxxxxxxx>
Date: Thu, 13 Jan 2000 16:02:41 -0500 (EST)
ok, this definitely makes sense.
solution 1 won't work for me (way way way too many sites).  =)
solution 2 i just don't like, heh.
solution 3 is wise.

i'm trying to switch to vs-dr.
i now have:
[root@jammer /root]# /sbin/ipvsadm
IP Virtual Server version 0.8.3 (size=4096)
Protocol LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port    Forward Weight ActiveConn InActConn
TCP 206.245.168.31:80 rr
      -> 192.168.123.3:80      Route   1      0          0
      -> 192.168.123.2:80      Route   1      0          0         

real servers are the same.
i threw a "Listen 206.245.168.31:80" in my apache config for kicks.
now i'm not getting connections at all.

i'm assuming this has something to do with the fact that my client machine
and my real servers can't contact each other because the real servers are
internal 192.168.123.x addresses.  i still have masquerading setup (using
my director as the gateway just for convenience), but that doesn't seem to
be working.  so i added a 192.168.123.0/24 route to my client machine and
a 205.147.201.0/24 route to the real servers (they're behind the same
router) to see if that would help, but it still doesn't.  no connections
at all...

[tcl@devel tcl]$ telnet 206.245.168.31 80
Trying 206.245.168.31...

<hang forever>...

i'm guessing this may still have something to do with the real servers
being unroutable ips, even tho it shouldn't be trying to route through
anything...hmm...i'm confused.  =)

any ideas?

-tcl.



On Thu, 13 Jan 2000, Michael Sparks wrote:

> Hi,
> 
> 
> What's happening is a consequence of using NAT. Your LVS is accepting
> packets for 206.245.168.31, and re-writing them to either 192.168.123.3 or 
> 192.168.123.2. The packets therefore arrive at those two servers marked
> for address 192.168.123.2 or 192.168.123.3, not the virtual service
> address 206.245.168.31.
> 
> As a result when apache sees this:
> > <VirtualHost w1.bungalow.intra>
> ...
> > </VirtualHost>
> 
> It notices that the packets are arriving on either 192.168.123.2 or
> 192.168.123.3 and not w1.bungalow.intra, hence your problem.
> 
> Solution 1)
> 
> If this is the only website being serviced by these two servers, change
> the config so the default doc root is the one you want.
> 
> Solution 2)
> 
> If they're servicing many websites, map a realworld IP to an alias on the
> realservers and use that to do the work. IMO this is messy, and could
> cause you major headaches.
> 
> Solution 3)
> 
> Use VS-DR or VS-TUN - that way the above config could be used without
> problems since the VS address is a local address as well. This'd be my
> choice.
> 
> Probably other solutions as well :-)
> 
> 
> Michael.
> --
> National & Local Web Cache Support        R: G117
> Manchester Computing                      T: 0161 275 7195
> University of Manchester                  F: 0161 275 6040
> Manchester UK M13 9PL                     M: Michael.Sparks@xxxxxxxxxxxxxxx
> 
> On Thu, 13 Jan 2000, tc lewis wrote:
> 
> > 
> > ok so it's been a couple months since i've actually done any lvs
> > implementation stuff, so i'm a little rusty.  i did up 3 systems with
> > redhat 6.1, using the default rh6.1 kernel, which has lvs stuff, altho a
> > little outdated i believe (are there major differences/fixes since then?).
> > i just wanted to test some stuff.  here's what i have going:
> > 
> > my director machine is 206.245.168.30 (eth0).  my vip is 206.245.168.31,
> > which is eth0:0 on the director.  eth0:1 is 192.168.123.1 (yeah i guess i
> > should really put a 2nd nic in there, but it shouldn't really matter,
> > should it?  all these machines are on the same switch behind the same
> > router...).
> > 
> > then i have 2 real servers, with eth0 as 192.168.123.2 and 192.168.123.3
> > on them, respectively.
> > 
> > i just set this up with nat and masquerading for the time being.  i'll
> > probably use a direct routing method if i were to actually put something
> > like this in production.  but here's what i have:
> > 
> > on the director:
> > [root@jammer /root]# /sbin/ipvsadm
> > IP Virtual Server version 0.8.3 (size=4096)
> > Protocol LocalAddress:Port Scheduler Flags
> >       -> RemoteAddress:Port    Forward Weight ActiveConn InActConn
> > TCP 206.245.168.31:80 rr
> >       -> 192.168.123.3:80      Masq    1      0          0
> >       -> 192.168.123.2:80      Masq    1      0          0         
> > [root@jammer /root]# /sbin/ipchains -L
> > Chain input (policy ACCEPT):
> > Chain forward (policy DENY):
> > target     prot opt     source                destination           ports
> > MASQ       all  ------  192.168.123.0/24     anywhere              n/a
> > Chain output (policy ACCEPT):
> > 
> > 
> > on my real servers:
> > [root@one /root]# /sbin/ipchains -L
> > Chain input (policy ACCEPT):
> > target     prot opt     source                destination           ports
> > REDIRECT   tcp  ------  anywhere             telnet-stream.iuinc.com  any ->   www => www
> > Chain forward (policy DENY):
> > Chain output (policy ACCEPT):
> > 
> > and:
> > [root@two /root]# /sbin/ipchains -L
> > Chain input (policy ACCEPT):
> > target     prot opt     source                destination           ports
> > REDIRECT   tcp  ------  anywhere             telnet-stream.iuinc.com  any ->   www => www
> > Chain forward (policy ACCEPT):
> > Chain output (policy ACCEPT):
> > 
> > 
> > i'm just using round robin because i want to make sure requests hit
> > alternating servers for this testing.
> > 
> > then i have a shared apache installation setup for those "one" and "two"
> > machines.
> > 
> > now, all of this works fine.  requests do alternate, responses get sent
> > back perfectly, and so on.
> > 
> > the problem comes in with apache virtualhosts.  in this situation, my
> > apache config has:
> > NameVirtualHost 206.245.168.31:80
> > 
> > and then i have, as one example:
> > <VirtualHost w1.bungalow.intra>
> > User u1
> > Group u1
> > UserDir htdocs
> > ServerAdmin tim@xxxxxxxxxx
> > DocumentRoot /home/WWW/w1.bungalow.intra/htdocs
> > ServerName w1.bungalow.intra
> > ErrorLog /home/WWW/w1.bungalow.intra/logs/error_log
> > CustomLog /home/WWW/w1.bungalow.intra/logs/access_log combined
> > ScriptAlias /cgi-bin/ /home/WWW/w1.bungalow.intra/cgi-bin/
> > </VirtualHost>
> > 
> > i've got a nameserver for these machines going that resolves
> > w1.bungalow.intra to 206.245.168.31.
> > 
> > so far, so good.  right?
> > 
> > well, when i try to get that w1.bungalow.intra web page from the outside
> > world (a machine on the 205.147.201 network that i made use that same
> > nameserver so w1.bungalow.intra resolves to 206.245.168.31 and blah blah),
> > i get the default apache page.  ie: the page from the global document
> > root, rather than that virtual host's document root.
> > 
> > i know this seems more like an apache question, but i thought it might
> > have something to do with how lvs redirects or rewrites those packets.
> > ie: maybe those requests are coming in to 192.168.123.x instead of
> > 206.245.168.31, so apache doesn't recognize to follow the virtual host
> > then or something...i'm not really sure.  or maybe apache isn't binding to
> > 206.245.168.31 since it's just an ipchains redirect rule instead of an
> > interface.  i played around with apache's "Listen" and "BindAddress"
> > directives to no avail.  i may simply not have played enough.
> > 
> > and i know i've gotten something like this to work before, a few months
> > back, but i can't tell what the difference is.
> > 
> > anyone have any experience with this and know what might be up here?
> > 
> > -tcl.
> > 
> > 
> > ----------------------------------------------------------------------
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
> > For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
> > 
> 
> 
> 
> 
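
Added example (not part of either poster's mail): a small Python model of the behaviour Michael Sparks describes, where VS-NAT rewrites the destination to 192.168.123.x so the connection no longer arrives on the NameVirtualHost address, while VS-DR leaves the VIP in the IP header. It assumes the VIP is a local address on the real servers under VS-DR, reduces Apache's lookup to the address check plus Host matching, and uses a placeholder for the global DocumentRoot, which the thread does not show; all function names are hypothetical.

```python
from dataclasses import dataclass, replace

VIP = "206.245.168.31"                        # virtual service address (from the thread)
REAL_SERVERS = ["192.168.123.2", "192.168.123.3"]

# Simplified model of the posted Apache config.
NAME_VIRTUAL_HOSTS = {(VIP, 80)}              # NameVirtualHost 206.245.168.31:80
VHOSTS = {(VIP, 80): [("w1.bungalow.intra", "/home/WWW/w1.bungalow.intra/htdocs")]}
MAIN_DOCROOT = "<global DocumentRoot>"        # placeholder: not shown in the thread


@dataclass(frozen=True)
class Request:
    dst_ip: str        # destination address in the IP header
    dst_port: int
    host: str          # HTTP Host: header sent by the client


def director_forward(req, mode, real_ip):
    """Return the request as it arrives at the chosen real server."""
    if mode == "nat":  # VS-NAT rewrites the destination to the real server's address
        return replace(req, dst_ip=real_ip)
    if mode == "dr":   # VS-DR changes only the link-layer destination; IP header untouched
        return req
    raise ValueError(f"unknown forwarding mode: {mode}")


def select_docroot(req):
    """Name-based lookup runs only when the local address:port the connection
    arrived on is a NameVirtualHost address; otherwise the main server answers."""
    key = (req.dst_ip, req.dst_port)
    if key not in NAME_VIRTUAL_HOSTS:
        return MAIN_DOCROOT
    wanted = req.host.split(":")[0].lower()
    for server_name, docroot in VHOSTS[key]:
        if server_name == wanted:
            return docroot
    return VHOSTS[key][0][1]   # no name matched: first vhost on that address is the default


def docroots_served(mode, host="w1.bungalow.intra"):
    """Docroot chosen on each real server for a client request sent to the VIP."""
    client_req = Request(VIP, 80, host)
    return {rip: select_docroot(director_forward(client_req, mode, rip))
            for rip in REAL_SERVERS}


if __name__ == "__main__":
    for mode in ("nat", "dr"):
        print(mode, docroots_served(mode))
```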


