LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS-TUN not working

To: Joseph Mack <mack.joseph@xxxxxxx>
Subject: Re: LVS-TUN not working
Cc: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Wed, 25 Feb 2004 00:47:26 +0200 (EET)
        Hello,

On Tue, 24 Feb 2004, Joseph Mack wrote:

> >         There is only one remaining problem related to LVS-TUN: there
> > is no handling of ICMP errors destined to local IP and containing reply
> > to tunneled packet.
>
> Maybe this would be obvious if I understood PMTU.
>
> I assume you have an ipip packet (src_addr=DIP, dest_addr=RIP,
> containing payload with src_addr=CIP, dest_addr=VIP)
> going from the director over an arbitary number of hops
> to the realserver
>
> All ICMP errors -
> would be returned to the DIP?

        Yes, DIP is the sender's IP, so we receive the ICMP
traffic locally.

> would be returned to the host on the source end of the hop needing 
> fragmentation?
>
> "reply to tunneled packet" is the message saying that the packets needs 
> fragmenting
> and the first bytes of the packet (to identify it)?

        yes

> why is PMTU for ipip packets different to regular packets? (I have no clue).

        TCP and UDP handle ICMP errors but IPIP does not (well).
The DR and NAT forwarding preserve the sender's IP and ICMP traffic
from RS (or hosts before RS) is always forwarded. But if TUN is used
we have the already mentioned problem.

> > Such cases can be frag_needed messages from
> > hosts before the real server which we do not relay to client.
>
> "hosts before the realserver" means "between the director and the realserver"?

        yes

> Is the client supposed to get the frag_needed message? If not who is supposed 
> to
> get it?

        It depends. The director sends 20-bytes more, so
the client should not receive ICMP error in all cases, only if
lower PMTU is detected.

> > The problem is more complex because such errors are not propagated
> > from ipip_err() to the routing cache
>
> do you meant the routing cache on the machine getting the ICMP error message?
> (and in case it's not obvious, that machine is?)

        We care for the director where IPVS is running. If the
only traffic to the TUN real servers is the IPVS traffic then
the routing cache does not receive the PMTU info. Then, on
forwarding IPVS can not detect that this path has lower PMTU.
But this is theory, not really tested.

Regards

--
Julian Anastasov <ja@xxxxxx>
<Prev in Thread] Current Thread [Next in Thread>