Re: lvs setup via tunelling problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: lvs setup via tunelling problem
From: Djamil ESSAISSI <djamil@xxxxxxxxxxxxxxxx>
Date: Tue, 16 Oct 2001 11:41:32 +0200
:)> :)director# tcpdump -ln -i INDEV host CIP
:)> :)director# tcpdump -ln -i OUTDEV host RIP
:)
:)      Do you have the tcpdump on OUTDEV? Your config looks ok but
:)I'm still not sure where the traffic stops. You provide only trace
:)from one point which is obvious to work.

(*** just in case i'm wrong what do u mean by INDEV OUTDEV ?)
 
:)
:)> :)real server# tcpdump -ln -i IN_ETH host DIP
:)> :)real server# tcpdump -ln -i tunl0 host CIP
:)> :)real server# tcpdump -ln -i OUT_DEV host CIP
:)> :)
:)
(*** here too)

i've sent the only tcpdumps that actually got something !

:)>
:)> vip=212.43.218.153
:)> rip=212.73.232.232
:)> cip=193.252.175.157
:)
:)      Check whether ping 212.73.232.232 works from director.

yes it does


:)      On the real server use:
:)
:)echo 1 > /proc/sys/net/ipv4/ip_forward
:)echo 1 > /proc/sys/net/ipv4/conf/all/hidden
:)echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
:)ifconfig lo:153 212.43.218.153 netmask 255.255.255.255 up
:)
:)# insert it if it is compiled as module:
:)insmod ipip
:)ifconfig tunl0 up
:)

now this is not like docs/examples say ! 

it doesn't say about ifconfig lo, nor ifconfig tunl0 up without ip ?!

and the hiding should not apply to my config ?! 

<<--i'm not arguing with you but just telling you that i'm getting confused ! :) -->>

:)To check whether packets with src=VIP exit from your RS's gateway use
:)something like:
:)
:)traceroute -n -s 212.43.218.153 192.252.175.157
:)

looks like we spotted "a" problem , this doesn't work , i'm gonna have to play 
again with the firewall !

:)and check whether some traffic reaches client and then the director,
:)i.e. UDP to client and then client replies with ICMP to director (where
:)the VIP is announced).
:)
:)      OTOH, your RS's ISP have to allow spoofed traffic with
:)src=212.43.218.153. The above traceroute should check it. Many
:)ISPs don't allow you to send traffic with foreign source address (the
:)VIP in your case).
:)
:)Regards
:)

yup thank god we don't really depend on an ISP, we're hooked to the bone in a 
datacenter ... we control all our stuff ...so it's a matter of some time ....

thank you again for the help ....

i'm following this mailing list very closely as i discover how privileged we 
are in doing this good stuff.

grutz.

Dj
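
The hop-by-hop tcpdump procedure quoted in the message above (INDEV/OUTDEV on the director, IN_ETH/tunl0/OUT_DEV on the real server) can be turned into a check that names the first capture point where the expected packets are missing. This is an added example, not part of the original message; the DIP value, the capture-point labels, the sample lines and the tcpdump text format are assumptions.

```python
import re

# Addresses from the message above; DIP is a placeholder (not given in the thread).
VIP, RIP, CIP = "212.43.218.153", "212.73.232.232", "193.252.175.157"
DIP = "192.0.2.1"

# Capture points in path order with the outer (src, dst) each should show in LVS-TUN.
EXPECTED = [
    ("director INDEV", (CIP, VIP)),       # client request reaches the director
    ("director OUTDEV", (DIP, RIP)),      # IPIP-encapsulated copy leaves for the RS
    ("real server IN_ETH", (DIP, RIP)),   # encapsulated packet arrives
    ("real server tunl0", (CIP, VIP)),    # inner packet after decapsulation
    ("real server OUT_DEV", (VIP, CIP)),  # reply sent directly with src=VIP
]

# First "src[.port] > dst[.port]:" pair on a tcpdump -n line (the outer header).
ADDR = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def first_silent_point(captures):
    """Return the first capture point that shows no packet with the expected
    src/dst pair, or None when every point along the path saw traffic."""
    for point, pair in EXPECTED:
        lines = captures.get(point, [])
        if not any(m and m.groups() == pair for m in map(ADDR.search, lines)):
            return point
    return None

# Constructed sample captures (modern tcpdump -n text format assumed).
INNER = f"IP {CIP}.40000 > {VIP}.80: Flags [S], length 0"
OUTER = f"IP {DIP} > {RIP}: {INNER}"
SAMPLE = {
    "director INDEV": [f"11:41:32.10 {INNER}"],
    "director OUTDEV": [f"11:41:32.10 {OUTER}"],
    "real server IN_ETH": [f"11:41:32.12 {OUTER}"],
    "real server tunl0": [f"11:41:32.12 {INNER}"],
    "real server OUT_DEV": [],  # no reply with src=VIP seen leaving the real server
}

if __name__ == "__main__":
    print(first_silent_point(SAMPLE))
```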

