LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: etherIP and lvs [Solved]

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: etherIP and lvs [Solved]
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Thu, 24 Jul 2003 17:10:38 +0200
Hi,

Configuration mistake? Did you forget a "keep state" or was it another semantical issue?
No, to clarify I had to make the firewall rules to the clustered service
stateless.  I log all blocked traffic, so I would have seen it if it
was just getting blocked. But it wasn't getting blocked, though, it just kind of disappeared after going on the bridge. After I allowed traffic without keeping state from my client machine to the cluster node it started working (except for the mtu).

So you're saying that pf can't handle fragments with states?

No I don't have any scrub rules.

Ok.

I set the mtu on the link level.  How do you change it at the routing
level?  That would definitely be desirable.  I'm trying to figure out

When you set up the route, you specify the mtu, something like this:

ip route add 192.168.0.0/24 via 10.10.10.1 dev eth1 mtu 1280

and you check it by its slow cache entry:

ip -o -s -s route show cache

It's extremely simple and straightforward.

why the mtu discovery isn't working.  It works if I'm on the same
network, but not if I have to use a route.  On the director I get this
on a tcpdump:
08:55:00.924860 192.168.0.48 > 192.168.0.143: icmp: 192.168.0.48 unreachable - 
need to frag (mtu 1280)

I can't make out much of this, I'm afraid.

But I never see that on 192.168.0.143.  Doing a tcpdump on the router,
I see it on vlan0 at 192.168.0.1, which is on the router interface for 192.168.0.48, but never on vlan2 at 192.168.0.129 which is the router interface for 192.168.0.143.

Stupid question: Do you have overlapping netmasks?

The mtu on the gif interface is 1280:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280

I assume it's because of the overhead of encapsulation.

Yes.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc

<Prev in Thread] Current Thread [Next in Thread>