Re: taking long time to connect to LVS-NAT VIP if client is inanother sub net

["Madhav" <msp@xxxxxxxxxxxx>]

hi,
we have setup a lvs-nat using RH 6.1 on intel. pls find attached the
complete picture of our setup with IP's and routes.I have installed qmail in
server1 and server2. Server3 is NFS server for servers 1&2.  It has the mail
boxes. The following is my IPVSADM output.

[root@router1 msk]# /usr/sbin/ipvsadm
IP Virtual Server version 0.8.3 (size=4096)
Protocol LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port    Forward Weight ActiveConn InActConn
TCP 172.16.31.71:80 wlc
      -> 10.1.10.26:80         Masq    1      0          0
      -> 10.1.10.25:80         Masq    1      0          0
TCP 172.16.31.71:110 wlc
      -> 10.1.10.26:110        Masq    1      0          0
      -> 10.1.10.25:110        Masq    1      0          0
TCP 172.16.31.71:25 wlc
      -> 10.1.10.26:25         Masq    1      0          0
      -> 10.1.10.25:25         Masq    1      0          0
TCP 172.16.31.71:23 wlc
      -> 10.1.10.26:23         Masq    1      0          0
      -> 10.1.10.25:23         Masq    1      0          0
TCP 172.16.31.71:21 wlc
      -> 10.1.10.26:21         Masq    1      0          0
      -> 10.1.10.25:21         Masq    1      0          0

[root@router1 msk]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
172.16.31.72    *               255.255.255.255 UH        0 0          0
eth0
10.1.10.100     *               255.255.255.255 UH        0 0          0
eth1
10.1.10.150     *               255.255.255.255 UH        0 0          0
eth1
172.16.31.71    *               255.255.255.255 UH        0 0          0
eth0
172.16.0.0      *               255.255.0.0     U         0 0          0
eth0
10.0.0.0        *               255.0.0.0       U         0 0          0
eth1
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
[root@router1 msk]#

The following are the processes running with qmail. we use tcpserver with
the -R option to disable the ident proto.

[root@server2 msk]# ps auxwww| grep qmail
root       899  0.0  1.0  1076  324 tty1     S    12:00   0:00 supervise
qmail
qmaillog   912  0.0  1.3  1096  408 tty1     S    12:00   0:00 splogger
qmail
qmails     924  0.0  1.2  1124  384 tty1     S    12:00   0:00 qmail-send
qmaillog   946  0.0  1.3  1096  408 tty1     S    12:00   0:00 splogger
pop3d
root       961  0.0  1.5  1136  468 tty1     S    12:00   0:00
tcpserver -R -u 0  -g 235 -c 20 -v -X -x /etc/tcpcontrol/pop-3.cdb 0 pop-3
qmail-popup server2 checkpassword qmail-pop3d Maildir/
root       962  0.0  1.1  1104  356 tty1     S    12:00   0:00 qmail-lspawn
./Maildir/
qmailr     963  0.0  1.1  1100  344 tty1     S    12:00   0:00 qmail-rspawn
qmailq     964  0.0  1.1  1080  348 tty1     S    12:00   0:00 qmail-clean
qmaillog   980  0.0  1.3  1096  408 tty1     S    12:00   0:00 splogger
smtpd
qmaild     992  0.0  1.5  1136  468 tty1     S    12:00   0:00
tcpserver -R -u 102 -g 235 -c 20 -v -X -x /etc/tcpcontrol/smtp.cdb 0 smtp
fixcrio qmail-smtpd
root      1144  0.0  1.6  1244  512 pts/0    S    15:19   0:00 grep qmail
[root@server2 msk]#

This above is same in server1 also.pls let me know if more details on the
setup are required.

Thanks,
Madhav

> Hello,
>
> On Thu, 18 May 2000, Madhav wrote:
>
> > Hi,
> >
> > > On Wed, May 17, 2000 at 03:40:17PM +0530, Madhav wrote:
> > > > Hi all,
> > > >     When I am trying to connect to my LVS-NAT VIP 172.16.31.71 from
> > client
> > > > with ip 172.16.1.4( it was in a diff. floor and so it has to go
through
> > main
> > > > switch), it was taking a long time when compared with the time it
takes
> > to
> > > > connect to the VIP from a client in the same sub net as LVS-NAT
> > cluster(e.g.
> > > > an address like172.16.31.74).
> > > >     Here is my setup.I have used two directors for my
LVS-heartbeat-mon
> > > > setup: master-172.16.31.72, slave-172.16.31.73 and two real servers
with
> > > > 10.1.10.25 and 10.1.10.26.
> > > >     I am guessing that RARP resolution is causing the delay, because
> > both
> > > > IPs 172.16.31.71(VIP for LVS) and  172.16.31.72(RIP for master
director)
> > are
> > > > claiming the same ethernet address( when the VIP is attached to the
> > master
> > > > director) . If this is the reason how can I reduce this? and if not
> > please
> > > > tell me what is causing this delay.
> > >
> > > You have two machines on the network with the same IP address?
> >
> > NO NO.. A machine has two IP addresses.
> > I should have said ARP resolution I suppose. I am not very sure. Anyway
here
> > is the senario. The the address 172.16.31.72 is the eth0 address of my
> > director1 or master and 172.16.31.71 is the eth0 alias of the same
machine.
> > So the director machine has two IPs. That is what it should be in
LVS.right?
> > I have installed a qmail server in both the real servers over NFS. LVS
is
> > providing load balance for mail  server.
> >     When I connect to the LVS VIP through netscape from a client, which
is
> > in the same subnet as that of LVS, it is connecting immediately. But
when I
> > am trying to connect from a client in another subnet, whose IP is
> > 172.16.1.4, it is taking a very long time( nearly 30 seconds). How can I
> > reduce this delay when the client is in a different subnet. Is there any
way
> > we can hide the eth0 address. Thst solves the problem I guess.
>
> If this is only a delay what about DNS or IDENT problems?
> Could be that the IDENT protocol used from the mailers causing
> the problems? If Yes, You have to stop using IDENT. The LVS HOWTO
> includes information about the IDENT problems. If this is not
> the problem you have to show us a picture of your devices, IPs,
> routes, etc.
>
>
> Regards
>
> --
> Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
>

my LVS-NAT.bmp
Description: Windows bitmap