LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Problem using fwmark-services

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem using fwmark-services
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Sun, 26 Feb 2006 20:47:32 +0100
>>That's not good! Either the app handler couldn't properly register the ip_vs_protocol, or packets flagged with appropriate fwmarks do not enter the IPVS code.
I agree ! at least the modules are registered:

lvs1:~# lsmod
Module                  Size  Used by
ip_vs_wrr               3200  2
ipt_MARK                2432  1
iptable_mangle          3072  1
ip_tables              16896  2 ipt_MARK,iptable_mangle
ip_vs                  77664  4 ip_vs_wrr

Yep, you wouldn't see much otherwise.

>>Also your virtual service entry looks completely bogus, so I suspect either your kernel or your user space binaries are wrong. What kind of machine do you use? >>32/64bit?

cpuid shows me: "Intel(R) Pentium(R) 4 CPU 2.80GHz" , i believe that this type of cpu has the 64 bit extension, not sure, i need to talk to my vendor.

dmidecode output should be enough, however P4 is not 64bit, only has PAE for 36bit memory addressing and probably EMT64.

 >>Could you try a more recent debian kernel, please?

In the meantime i tried the 2.6.8-2-686 image instead of 2.6.8-2-386 with no success, unfortunality i was not able yet to build a kernel from kernel.org, apperently the way of compile from 2.4 to 2.6 have changed and i dont have experience with it yet but i'm going to continiue

Is there a particular reason you need 2.6 kernel for your director setup? The way to compile kernel did not really change that much. Try:

make menuconfig
make

This will generate you a vmlinux, modules and bzImage.

Use 'make help' to get an information on how to properly install your kernel or do other funky things in your kernel source tree.

 >>This looks correct. How does your resulting ipvsadm -L -n look?

In this sample i've set persistence but the same behaviour occure without persistence.

Ok.

lvs1:~# ipvsadm -Ln
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  4 wrr persistent 3600
  -> 10.0.1.30:0                  Route   100    1          0
  -> 10.0.1.33:0                  Route   100    0          0


lvs1:~# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination
IP  59:48  ERR!        10.0.1.70:0        0.0.0.4:0          10.0.1.30:0
TCP 14:52  ESTABLISHED 10.0.1.70:1231     10.0.1.232:80      10.0.1.30:80

Weird! Your packet could not be properly decapsulated, see the IP protocol entry? Please use at least 2.6.15 as kernel.

lvs1:~# iptables -L -t mangle -n -v
Chain PREROUTING (policy ACCEPT 260 packets, 29393 bytes)
pkts bytes target prot opt in out source destination 7 838 MARK tcp -- * * 10.0.1.0/24 10.0.1.232 tcp dpt:80 MARK set 0x4

This looks correct. You don't have other netfilter entries in either the filter or nat table?

>>Nope, not seen as such. Also please set the debug level in /proc/.../vs/ to 5 or so and dump the kernlog entries here for the setup and one request please.

Unfortunality "CONFIG_IP_VS_DEBUG" is disabled, think it's useless to set debugging unless i have a recent / customized kernel running, will come back.

Good, thanks. Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread] Current Thread [Next in Thread>