
Re: packets being sent out from the wrong ip-adress

To: List - LVS Users <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: packets being sent out from the wrong ip-adress
From: Matthijs van der Klip <Matthijs.van.der.Klip@xxxxxxxxxxxxxx>
Date: Mon, 25 Nov 2002 10:06:53 +0100 (CET)

On Fri, 22 Nov 2002, Joseph Mack wrote:
> What forwarding method are you using?

LVS-DR, wlc.


> What services are you forwarding?

HTTP only using Tux and Apache.


> What relationship is SRC to RIP,VIP, DIP...?

Here is some ipvsadm output:

IP Virtual Server version 0.9.7 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  12.34.56.78:80 wlc
  -> 192.168.0.1:80               Local   400    154        406
  -> 192.168.0.2:80               Route   600    90         265
  -> 192.168.0.3:80               Route   1000   61         173
  -> 192.168.0.4:80               Route   1000   151        446


IP addresses are allocated as follows:

      Machine1     Machine2     Machine3     Machine4

VIP   12.34.56.78
eth0  12.34.56.79  12.34.56.80  12.34.56.81  12.34.56.82
eth1  192.168.0.1  192.168.0.2  192.168.0.3  192.168.0.4


So I have four machines each equipped with two network interfaces.
Interface eth0 is being used as a public interface and bound to a
routable IP address. Interface eth1 is being used as a private interface
and bound to a non-routable private IP address. One of the four machines
has been configured using ipvsadm and given an extra IP address (the VIP)
on its eth0 interface. The other three machines have been configured with
iptables to make sure packets destined for the VIP are accepted (redirect
approach):

iptables -t nat -A PREROUTING -i eth1 -p tcp -d $VIP --dport 80 -j REDIRECT


All routable IP addresses are connected to the same switch and use the
same gateway. All private IP addresses are connected to another switch and
have no gateway.

A request could be routed as follows:

a) Request comes in on the VIP (12.34.56.78)
b) LVS decides (wlc) to forward this connection to 192.168.0.2
c) The connection comes in on eth1 of Machine2. The iptables rule
   does a local redirect. The webserver (Tux), listening on 0.0.0.0:80,
   accepts the request and sends its response through eth0 to the
   (default) gateway.


Normally this works like a charm. However I have found out that there are
in fact some packets being sent out from the public interfaces (eth0) of
the machines with a private source IP address (the one bound to eth1).
AFAIK all packets being sent should have the VIP as the source address,
shouldn't they?

Does this make things more clear?


> Assuming SRC=RIP, and LVS-DR
> why do you have something sending from RIP:80?

That's exactly what I'm asking. I do not understand why things are being
sent from the RIP.


Best regards,

-- 
Matthijs van der Klip, Unix Administrator
Dutch Public Broadcasting
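
Added example (not part of the original message): a small Python check that reads `tcpdump -n -i eth0` text output and reports packets leaving with a source in the private 192.168.0.0/24 network, the symptom described above. The VIP, eth0 and eth1 addresses are Machine2's from the post; the client addresses, the capture lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Addresses taken from the post (Machine2); everything else is constructed.
VIP = ipaddress.ip_address("12.34.56.78")
ETH0_ADDR = ipaddress.ip_address("12.34.56.80")
PRIVATE_NET = ipaddress.ip_network("192.168.0.0/24")

# Matches "IP <src>.<sport> > <dst>.<dport>:" (TCP/UDP lines of `tcpdump -n`).
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def classify_source(src):
    """Label the source address of a packet seen leaving eth0."""
    if src == VIP:
        return "vip"           # expected source for LVS-DR replies
    if src == ETH0_ADDR:
        return "eth0"          # the host's own public traffic
    if src in PRIVATE_NET:
        return "private-leak"  # eth1 address showing up on the public wire
    return "other"

def find_leaks(lines):
    """Return (src, sport, dst, dport) for packets with a private source."""
    leaks = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, ICMP or otherwise unparsed line
        src = ipaddress.ip_address(m.group(1))
        if classify_source(src) == "private-leak":
            leaks.append((str(src), int(m.group(2)), m.group(3), int(m.group(4))))
    return leaks

# Constructed sample lines in the style of `tcpdump -n -i eth0` on Machine2.
SAMPLE = [
    "10:06:53.100001 IP 12.34.56.78.80 > 203.0.113.5.40112: Flags [S.], seq 1, ack 1, win 5792, length 0",
    "10:06:53.100950 IP 12.34.56.80.33012 > 203.0.113.9.25: Flags [S], seq 7, win 5840, length 0",
    "10:06:53.101730 IP 192.168.0.2.80 > 203.0.113.7.51200: Flags [.], ack 2, win 5792, length 0",
    "10:06:53.102210 ARP, Request who-has 12.34.56.1 tell 12.34.56.80, length 28",
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print("private source on eth0: %s:%d -> %s:%d" % leak)
```

Recording the source port and destination of each flagged packet shows whether the stray packets belong to the port 80 service or to something else on the machine.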




