Re: Some problems with lvs

["Rocco Scappatura" <rocsca@xxxxxxxxx>]

Hello,

thanx for your answer. I still can't figure out why lvs-nat start-up script
do not add default route... here the output of the rc.lvs command...


looking for standard utilities
$FALSE=/bin/false
$FALSE=/usr/bin/false
$PING=/bin/ping -c 1
testing ping
ping can send one packet. is OK.
$FPING=/bin/ping -c 1
$IFCONFIG=/sbin/ifconfig
$NETSTAT=/bin/netstat
$ROUTE=/sbin/route
$AWK=/bin/awk
$AWK=/usr/bin/awk
$GREP=/bin/grep
$GREP=/usr/bin/grep
$HOSTNAME_CMD=/bin/hostname
$UNAME_CMD=/bin/uname
$UNAME_CMD=/usr/bin/uname
$CAT=/bin/cat
$CAT=/usr/bin/cat
$CUT=/bin/cut
$CUT=/usr/bin/cut
$TAIL=/usr/bin/tail
$XARGS=/usr/bin/xargs
$PS=/bin/ps
$PS=/usr/bin/ps
$KILL=/bin/kill
$WC=/usr/bin/wc
$TRACEROUTE=/usr/bin/traceroute
$ARP=/sbin/arp
$TR=/usr/bin/tr
$EXPR=/usr/bin/expr
$CHMOD=/bin/chmod
$CHMOD=/usr/bin/chmod
$MV=/bin/mv
$MV=/usr/bin/mv
$LM=/bin/ln
$LM=/usr/bin/ln
$RM=/bin/rm
$RM=/usr/bin/rm
$MKDIR=/bin/mkdir
$MKDIR=/usr/bin/mkdir
$SSH=/bin/ssh
$SSH=/usr/bin/ssh
$NTPD=/usr/sbin/ntpd
$IP=/sbin/ip
rc.lvs version 0.9.4 Sep 2002
(C) 2000-2002 Joseph Mack jmack@xxxxxxxx, distributed under GPL license
This file is part of the LVS project http://www.linuxvirtualserver.org
setting up director.sttspa.test
find_System_map
System.map
$SYSTEM_MAP=/boot/System.map
System.map
$SYSTEM_MAP=/usr/src/linux/System.map
$IPTABLES=/usr/sbin/iptables
$LSMOD=/bin/lsmod
$LSMOD=/sbin/lsmod
$RMMOD=/sbin/rmmod
$INSMOD=/sbin/insmod
number nics on director 2
LVS director
find_kernel_function_name_2_4
find_kernel_name_2_4: parameter ip_vs
check_function_in_kernel
function ip_vs_init in kernel.
won't look for module.
searching for ipchains
ipchains not loaded, good
loading ip_tables module
find_kernel_function_name_2_4
find_kernel_name_2_4: parameter ip_tables
check_function_in_kernel
function ipt_tables not in kernel
find_module_name_2_4
find_module_name_2_4: parameter ip_tables
module name ip_tables is ip_tables
attempting to load module: ip_tables
module ip_tables already loaded
setting default policy to ACCEPT for LVS devices
clearing iptables/ipchain rules
showing iptables nat rules
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
showing iptables rules
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
set_director_ip_forwarding on vs-nat director (1 on, 0 off).
set ip_forward ON for vs-nat director (1 on, 0 off).
proc/sys/net/ipv4/ip_forward 1
director is not gw for realservers: leave icmp redirects on.
setting icmp redirects (1 on, 0 off)
/proc/sys/net/ipv4/conf/all/send_redirects 1
/proc/sys/net/ipv4/conf/default/send_redirects 1
/proc/sys/net/ipv4/conf/eth0/send_redirects 1
device eth1 has VIP 10.166.231.240
new VIP device == old VIP device, don't reinstall
DEBUG: device eth1 has VIP 10.166.231.240 and is UP
DEBUG: removing 10.166.231.240 from eth1
adding ethernet device and routing for VIP 10.166.231.240
listing ifconfig info for VIP 10.166.231.240
eth1 Link encap:Ethernet HWaddr 00:02:55:39:40:9B
inet addr:10.166.231.240 Bcast:10.166.231.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20225 errors:0 dropped:0 overruns:0 frame:0
TX packets:916 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4667216 (4.4 Mb) TX bytes:70455 (68.8 Kb)
Interrupt:11 Base address:0x1000
checking VIP 10.166.231.240 is reachable from self (director): PING
10.166.231.240 (10.166.231.240) 56(84) bytes of data.
64 bytes from 10.166.231.240: icmp_seq=1 ttl=64 time=0.128 ms
--- 10.166.231.240 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.128/0.128/0.128/0.000 ms
listing routing info for VIP 10.166.231.240
10.166.231.240 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
clearing ipvsadm table
installing LVS services with ipvsadm
print_service_lines: adding non-persistent service 10.166.231.240:telnet
checking realserver 10.0.0.2 reachable from director -
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.540 ms
--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.540/0.540/0.540/0.000 ms
director starting in ON state
checking realserver 10.0.0.3 reachable from director -
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.961 ms
--- 10.0.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.961/0.961/0.961/0.000 ms
director starting in ON state
displaying ipvsadm settings
IP Virtual Server version 1.0.12 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.166.231.240:telnet rr
-> 10.0.0.3:telnet Masq 2 0 0
-> 10.0.0.2:telnet Masq 1 0 0
checking for valid server_gw for vs-nat LVS.
NUM_SERVER_GW = 1
default gw 10.0.0.1 for the vs-nat servers is on director, good
DIRECTOR_GW=10.166.231.1
installing default gw for vs-nat
number of default gw 0, first gw
not installing a default gw for LVS_TYPE vs-nat
DIRECTOR_GW=10.166.231.1
masquerading handled by LVS code.
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
not adding filter rules.
ntpd not running, won't be restarted
Remember to run this rc.lvs script on the real-servers too.
This script will use ssh to do this for you if you run it with
./configure lvs_xx.conf -i


Have you any suggestion?
rocsca
----- Original Message ----- 
From: <Mack.Joseph@xxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, June 01, 2005 8:37 PM
Subject: Re: Some problems with lvs


> Joseph Mack PhD, High Performance Computing & Scientific Visualisation
> LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
> Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx,
> Federal Visualization  Contact - Joe Retzer, Ph.D. 919-541-4190 -
> retzer.joseph@xxxxxxx
>
> lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 06/01/2005 12:50:20
> PM:
>
> > Hello,
> >
> > I have configured lvs for 1 linux 2.4.29 director with two
> > NIC and 2 linux 2.4.29 realserver. Initially I use only
> > telnet service for loadbalance.
>
> > 1) configuration script do not add the default route so noclient can
> > establish a telnet connection. I must add it by hand :(
>
> In general a default route is a security hazard
>
>
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#Pearthree
>
> and the configure script deletes it for LVS-DR and LVS-Tun.
> I can't remember what I did for LVS-NAT. On the directot
> look at the output of
>
> ip route show
>
> There should be a route from the VIP:lvsed_port to 0/0:0
> at least.
>
> > 2) when I telnet to director, the delay for obtain the
> > telnet prompt is very high. I'ld like to know how to degub the cause
>
> The usual causes are listed here.
>
>
http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#problems
>
> > 3) when I launch './configure lvs_nat.conf -i' I can'y
> > figure out where rc.lvs is copied.
>
> read the notes with the configure script. You
> need passwordless root ssh copying activated.
> Otherwise you can nfs export the rc.lvs file
> to the realserver or just straight copy it
> over by hand.
>
> Joe
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users