RE: conflicting statements in LVS-HOWTO

To: "Julian Anastasov" <ja@xxxxxx>
Subject: RE: conflicting statements in LVS-HOWTO
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: "James Treleaven" <jametrel@xxxxxxxxxxxx>
Date: Thu, 28 Feb 2002 19:30:40 -0500
Hello,

Thanks for your explanations, Julian.

Now I understand what *should* occur.  I have set up an LVS-NAT with NAT
rules which should allow me to ping machines on the external network ... but
I cannot.  My traceroute ends at my director.  My 'iptables' rules (below)
look right to me.  Hmmm.

I'll be honest - I am using piranha with RedHat's ipvs in the kernel.  But I
*really* want a generic understanding of how to debug LVS ... and if I
understand what Julian has said - my problems have nothing to do with ipvs.
My 'iptables' NAT setup should allow me to ping the outside network
regardless of whether or not I have LVS running.  But it doesn't, thus it
must be wrong (or my routing tables are).  But they both sure look OK to me.

Here are my 'iptables' rules. I have more details (including tcpdump output)
below.

Thanks in advance for any help,
James



-----
[root@lvs00 root]# iptables -L -v
Chain INPUT (policy ACCEPT 627 packets, 253K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   eth1    anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   eth0    anywhere             anywhere
    0     0 LOG        all  --  any    any     anywhere             anywhere           LOG level warning

Chain OUTPUT (policy ACCEPT 590 packets, 49268 bytes)
 pkts bytes target     prot opt in     out     source               destination
-----






-------------------------- More Detailed Report --------------------------
1) System Information
[root@lvs00 root]# uname -a
Linux lvs00 2.4.9-21smp #1 SMP Thu Jan 17 14:01:48 EST 2002 i686 unknown
[root@lvs00 root]# ipvsadm -L -n | head -1
IP Virtual Server version 0.8.1 (size=65536)
[root@lvs00 root]# ipvsadm -h | head -1
ipvsadm v1.18 2001/03/18 (compiled with popt and IPVS v0.8.1)

2) Short Description

- Using LVS-NAT
- Load Balancing port 80, persistent



                ____________
               |            |
               |   client   |
               |____________|
                      | CIP (eth0=216.26.108.94)
                      |
                   (router)
                      |
                      |    VIP (eth0:1=216.26.108.118)
          <-----------+-----+---------------->  Public Network
                      ______|_____
                     |            |
                     |  director  |
                     |____________|
                            | eth1=192.168.2.101
                            | eth1:1=192.168.2.102 (NAT router)
                            |
          <-----------------+---------------->  Private Network
                            |
                            |RIP1 (eth0=192.168.2.9)
                      ______|_____
                     |            |
                     |realserver1 |
                     |____________|



CIP  = 216.26.108.94
VIP  = 216.26.108.118   (eth0:1)
DIP  = 192.168.2.102    (eth1:1)
RIP1 = 192.168.2.9
RGW  = 192.168.2.102    (GIP for all realserver)

3) What doesn't work

(a) I cannot ping any address on the external network from my realserver.
Are my 'iptables' rules incorrect?


(b) Results for tcpdump when I perform this ping from the realserver:
'ping -c2 216.26.108.94':

[root@lvs00 root]# tcpdump -ln -i eth0 host 216.26.108.94
tcpdump: listening on eth0
19:14:50.335795 arp who-has 216.26.108.94 tell 192.168.2.9
19:14:51.333363 arp who-has 216.26.108.94 tell 192.168.2.9
19:14:52.333191 arp who-has 216.26.108.94 tell 192.168.2.9

-2147413757 packets received by filter
-1073746176 packets dropped by kernel
[root@lvs00 root]# tcpdump -ln -i eth1 host 216.26.108.94
tcpdump: listening on eth1
19:15:17.168870 arp who-has 216.26.108.94 tell 192.168.2.9
19:15:18.158866 arp who-has 216.26.108.94 tell 192.168.2.9
19:15:19.158690 arp who-has 216.26.108.94 tell 192.168.2.9

-2147412989 packets received by filter
-1073746944 packets dropped by kernel


(c) Traceroute: realserver->client

[root@rs50 root]# traceroute 216.26.108.94
traceroute to 216.26.108.94 (216.26.108.94), 30 hops max, 38 byte packets
 1  rs50 (192.168.2.9)  2996.471 ms !H  2997.594 ms !H  2999.447 ms !H
[root@rs50 root]#


(d) Director's Routing Table
[root@lvs00 root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
216.26.108.96   0.0.0.0         255.255.255.224 U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         216.26.108.97   0.0.0.0         UG    0      0        0 eth0


(e) Real Server's Routing Table
[root@rs50 root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.102   255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth0
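
Added example, not part of the original message: a Python sanity check run over the two `route -n` tables posted in (d) and (e). The function names and finding codes are made up for this illustration; it flags gateways that are not on a directly connected subnet, `0.0.0.0` destinations with a non-zero mask, and on-link default routes, which make a host ARP for remote addresses itself as seen in the tcpdump output in (b).

```python
import ipaddress

# Hypothetical helper names; table rows copied from sections (d) and (e) above.
DIRECTOR = """\
216.26.108.96   0.0.0.0         255.255.255.224 U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         216.26.108.97   0.0.0.0         UG    0      0        0 eth0
"""
REALSERVER = """\
0.0.0.0         192.168.1.102   255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route -n` data rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip headers and blank lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, ipaddress.ip_address(f[1]), f[3], f[7]))
    return routes

def audit_routes(text):
    """Return a list of (code, detail) findings for one routing table."""
    routes = parse_routes(text)
    # Directly connected subnets: no G flag and a real (non-zero) prefix.
    connected = [(n, i) for n, _, fl, i in routes if "G" not in fl and n.prefixlen > 0]
    findings = []
    for net, gw, flags, iface in routes:
        if "G" in flags:
            if not any(gw in n and i == iface for n, i in connected):
                findings.append(("GATEWAY_OFF_LINK", f"{gw} not on a subnet of {iface}"))
            if int(net.network_address) == 0 and net.prefixlen > 0:
                findings.append(("NOT_A_DEFAULT", f"{net} via {gw} is not 0.0.0.0/0"))
        elif net.prefixlen == 0:
            # On-link default: the host ARPs for every remote address itself.
            findings.append(("ONLINK_DEFAULT", f"0.0.0.0/0 directly on {iface}"))
    return findings

if __name__ == "__main__":
    for name, table in (("director", DIRECTOR), ("realserver", REALSERVER)):
        print(name, audit_routes(table) or "no findings")
```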








