LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS-TUN setup - responses from realserver not being let through

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-TUN setup - responses from realserver not being let through
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Fri, 15 Sep 2006 14:19:41 +0200
I'm not sure exactly what this is indicative of, but:

On the real server -

"traceroute -S <VIP> <client>" - nothing comes through.  Does this
mean there's a router config problem, i.e. a router is not letting
those packets through due to the source address?
What's your routing entries? ip rule show, ip route show? What does an
ip route get <client> from <VIP> show you?

On the director:  (presumably not interesting)

# ip route get 217.8.220.94 from 88.198.198.122
217.8.220.94 from 88.198.198.122 via 88.198.41.97 dev eth1
    cache  mtu 1500 advmss 1460 fragtimeout 64

So the director has a different DGW than the RS?

On the real server:

# ip route get 217.8.220.94 from 88.198.198.122
217.8.220.94 from 88.198.198.122 via 88.198.7.129 dev eth1
    cache  mtu 1500 advmss 1460 fragtimeout 64

# ip rule show
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

# ip route show
88.198.7.128/27 dev eth1  proto kernel  scope link  src 88.198.7.133

Why is that? What's the primary address of eth1 on your RS?

169.254.0.0/16 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 88.198.7.129 dev eth1

Stupid questions:

o You took care of the arp problem, right?
o There's no rp_filter enabled on the RS?
o ~.7.129 is your DGW in the data center?
o no NAT between the client and LVS?

Could you send the 'ip addr show' output from your RS and director?

Where about in Zürich are you?

We're in Herrliberg, about 25mins south on the Goldcoast.

Just got booked for speeding from the police of that region; guess I was distracted by all those fancy rich ladies and the beautiful view on the lake :).

Roberto Nibali, ratz (in Altstetten right now)

Ah, I suspect I know who you are working for :-)

Yep, you better tell the Goldcoast people to chill with the speeding fines, or I'll re-route their assets into /dev/null :).

Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread] Current Thread [Next in Thread>