I am also using Redhat 7.1. Is it not necessary to patch this kernel for
lvs? But I couldn't find ipvsadm.
Please tell me where it is.
thanks
Schillaci
----- Original Message -----
From: Mark Miller <markm@xxxxxxxxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, May 14, 2001 10:15 PM
Subject: RH 7.1 iptables/ipvsadm?
> Thanks so much for all your advice! I have gone with heartbeat between the
> ld's and keepalived for the real servers to change values in the ipvsadm
> table. The keepalived part worked well but I'm having problems with getting
> even the simplest ipvsadm setup going.
>
> I'm using RedHat 7.1 and haven't recompiled the kernel since by default it's
> supposed to have ipvsadm enabled as well as iptables - that's what I read
> somewhere anyway...I'm starting to have my doubts. I'm using ipvs-0.2.12 to
> manage ipvsadm functions. When I type ipvsadm I get:
>
> IP Virtual Server version 0.2.7 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>
> So I'm assuming this is working. I have configured it as such for my
> primary load balancer...which I'm using for all my testing:
>
> IP Virtual Server version 0.2.7 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP xvfw:http rr
> -> ws2:http Masq 1 0 0
> -> ws1:http Masq 1 0 0
>
> This is not working. I get InActConn's when I try to connect with the
> client but never an active. When I do a ipvsadm -l c I see a SYN_REC which
> times out after 60 seconds.
>
> IPVS connection entries
> pro expire state source virtual destination
> TCP 00:56.50 SYN_RECV marklt:1631 xvfw:http ws2:http
>
> I decided to make sure my NAT stuff was working outbound. I used ipchains
> since iptables --list returns the following:
>
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
> /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
> iptables v1.2.1a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> At this point I can surf anywhere from my real servers, and I know there are
> no rules to prevent traffic into the virtual address on the firewall. I'm
> disturbed by the iptables message though and am wondering, since this
> version ipvsadm is supposed to be designed to work with iptables if this is
> my problem. Has anyone else worked with RH 7.1 and ipvsadm? Does anyone
> have any ideas on how to fix iptables?
>
> Thanks again for all the help. This is a REALLY good user list.
>
> Mark
>
> > -----Original Message-----
> > From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
> > [mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Alexandre
> > CASSEN
> > Sent: Thursday, May 10, 2001 1:18 AM
> > To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: Hot Spare config with LVS?
> >
> > Hi Mark,
> >
> > For your 2 LDs you need to run a Hot standby protocol. Heartbeat can be
> > used, you can also use vrrp or hsrp. I am actually working on the IPSEC AH
> > implementation for vrrp. That kind of protocol can be useful because your
> > LD backup server can be used even if it is in backup state (you simply
> > create 2 LDs VIP and set default gateway of your server pool half on LD1
> > and half on LD2).
> >
> > For your webserver hot-spare needs, you can use the next keepalived
> > (http://keepalived.sourceforge.net) in which there will be a "sorry server"
> > facility. This means exactly what you need => You have a RS server pool, if
> > all the servers of this RS server pool are down then the sorry server is
> > placed into the ipvsadm table automatically. If you use keepalived keep in
> > mind that you will use NAT topology.
> >
> > Best regards,
> >
> > Alexandre
> >
> > >I'm currently helping out with a new LVS/netfilter deployment. We want a
> > >configuration where two Solaris based web servers will be setup in a primary
> > >and secondary configuration. Rather than load balancing between the two we
> > >really want the secondary to act as a hot spare for the primary. So we want
> > >to use LVS which is, by definition, a load balancer as more of a manager for
> > >HA for a different OS - Solaris. Obviously the cost advantages of two Linux
> > >boxes and LVS over commercial (Alteon, Extreme Switches, Veritas, etc.)
> > >products make it worth the trouble. We also want to use the LDs as Firewalls
> > >for this project using netfilter.
> > >
> > >So, the question I have is this:
> > >Is there any combination of schedules and/or weight (0 perhaps?) values that
> > >will allow for configuration of the 2 real servers to be setup with one as a
> > >primary and one as a secondary server in hot-spare capacity. Basically we
> > >only want the secondary real server to process requests if the primary is
> > >removed by mon from the ipvsadm table. Once mon detects that the primary is
> > >providing the services we want mon to add it back to the ipvsadm table and
> > >requests to the secondary real server to cease.
> > >
> > >Here is a quick diagram to help illustrate this question:
> > >
> > >            Internet             LD1&LD2 - Linux 2.4 kernel
> > >               |                 RS1&RS2 - Solaris
> > >             Router
> > >               |
> > >        -------+-------
> > >        |             |
> > >      -----         -----
> > >      |LD1|         |LD2|
> > >      -----         -----
> > >        |             |
> > >        -------+-------
> > >               |
> > >             Switch
> > >               |
> > >        ---------------
> > >        |             |
> > >      -----         -----
> > >      |RS1|         |RS1|
> > >      -----         -----
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
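The hot-spare behaviour discussed in the quoted thread (the spare enters the ipvsadm table only when every pool member is down, and leaves again when one returns), as an added example that is not part of the original messages and is not keepalived's or mon's own code. `xvfw:http` is the virtual service shown in the thread; treating `ws1` as the pool and `ws2` as the sorry server is an assumption made for illustration.

```python
"""Sorry-server (hot-spare) reconciliation for an LVS NAT virtual service."""


def desired_table(pool_health, sorry):
    """Healthy pool members serve; the sorry server serves only if none do."""
    healthy = {rs for rs, up in pool_health.items() if up}
    return healthy if healthy else {sorry}


def reconcile(vip, current, pool_health, sorry, weight=1):
    """Return the ipvsadm commands that move `current` to the desired table.

    Additions are emitted before deletions so the virtual service never has
    an empty real-server list during a switch-over.
    """
    want = desired_table(pool_health, sorry)
    adds = [f"ipvsadm -a -t {vip} -r {rs} -m -w {weight}"   # -m = masquerading (NAT)
            for rs in sorted(want - current)]
    dels = [f"ipvsadm -d -t {vip} -r {rs}"
            for rs in sorted(current - want)]
    return adds + dels


def simulate(vip, sorry, events):
    """Replay a sequence of health-check results, starting from an empty table."""
    table, log = set(), []
    for health in events:
        cmds = reconcile(vip, table, health, sorry)
        table = desired_table(health, sorry)
        log.append((cmds, sorted(table)))
    return log


if __name__ == "__main__":
    # Constructed health-check sequence: primary up, primary down, primary back.
    events = [{"ws1:http": True}, {"ws1:http": False}, {"ws1:http": True}]
    for cmds, table in simulate("xvfw:http", "ws2:http", events):
        print(table)
        for c in cmds:
            print("   ", c)
```

The commands are only generated as strings here; a health checker would run them as root on the director.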