
Re: LVS-DR problems

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-DR problems
From: Matthew Crocker <matthew@xxxxxxxxxxx>
Date: 15 Jan 2003 13:33:29 -0500

As a follow up to my other message.

If I change the default route on the Real server to that of the physical
interface of my OTHER LVS box, it works.

So packets are going IN through LVS2 and out through LVS1.

LVS1 has the same settings as LVS2.  Very weird.

-Matt

On Wed, 2003-01-15 at 13:26, Matthew Crocker wrote:
> Hello list
> 
> I'm having a weird problem.  I have an LVS box set up which forwards a
> Class C (using fwmark) to a couple real servers.  It appears the packets
> coming from the real server going back to the client are getting dropped
> by the LVS box for some reason.
> 
> 
> I have ethereal running on both LVS interfaces and the real server.
> 
> When I try to telnet to the VIP port 80 I see the SYN packet enter the
> LVS on e0.  It exits the LVS on e1 and enters the real server on e0. 
> The real server sends a SYN,ACK packet back.  I see the SYN,ACK packet
> leave the real server. It enters the LVS on e1 but doesn't exit the LVS
> on e0.
> 
> 
> The Real Server has the LVS box set up as a default gateway.
> The LVS box has my core router set up as its default gateway.
> The LVS box is set to NAT outbound connections from the real servers' RIP.
> NAT'ing is only set up to NAT packets with source of 192.168.15.x (the
> Real IPs on the real servers).  The VIP is not in that netblock so it
> should be NAT'd
> 
> IP Forwarding is turned on in the LVS box.  NAT is working for the real
> server when it makes direct connections.
> 
> The LVS box is also doing LVS-NAT with some other machines on different
> ports.
> 
> I don't see the packet leaving the LVS box at all. It isn't even getting
> NATted that I can tell.  Any help would be appreciated.  I don't think
> it is an LVS problem actually but I don't know what to do.
> 
> With LVS-DR  the LVS portion of the LVS box should only come into play
> when the packets enter the router on e0 and are marked with fwmark 1. 
> Packets going from the real server to the client should pass through the
> LVS box as if it was a normal router.
> 
> Here is my LVS box config.
> 
> [root@lvsd-2 sysconfig]# iptables -t mangle -L -n
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> MARK       tcp  --  0.0.0.0/0            159.250.20.0/24    tcp dpt:80 MARK set 0x1
> MARK       tcp  --  0.0.0.0/0            159.250.20.0/24    tcp dpt:443 MARK set 0x1
> 
> [root@lvsd-2 sysconfig]# iptables -t nat -L -n
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  all  --  192.168.15.0/24      0.0.0.0/0
> 
> [root@lvsd-2 sysconfig]# ipvsadm -L -n
> 
> FWM  1 wlc
>   -> 192.168.15.41:0              Route   1      0          0
> 
> 
> When I telnet to 159.250.20.1:80 from 63.170.156.3 I see the following packets
> 
> src 63.170.156.3:2108 -> 159.250.20.1:80  SYN       *enter LVS on e0
> src 63.170.156.3:2108 -> 159.250.20.1:80  SYN       *EXIT LVS on e1
> src 63.170.156.3:2108 -> 159.250.20.1:80  SYN       *enter Real Server on e0
> src 159.250.20.1:80 -> 63.170.156.3:2108  SYN,ACK   *exit the Real Server on e0
> src 159.250.20.1:80 -> 63.170.156.3:2108  SYN,ACK   *enter the LVS on e1
> *** I should see the packet leaving the LVS on e0 but I don't
> 
> 
> The sequence numbers on the packets match up. The LVS-DR part is working, the
> response part is not.
> 
> Where should I be looking?
-- 
Matthew Crocker <matthew@xxxxxxxxxxx>
Crocker Communications, Inc.


