LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: LVS-TUN setup - responses from realserver not being let through

from [Roberto Nibali] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-TUN setup - responses from realserver not being let through
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Tue, 19 Sep 2006 13:09:13 +0200 
Hi Per,


Yes, you could try the forward shared approach:

     http://www.ssi.bg/~ja/#lvsgw


OK, I'm trying that, but I'm seeing something odd - let me describe my
test-setup: 
1+4 servers, all on the same physical network = n.n.n.72/73/74/75/76.
Server#1 is director, the others are real servers. My VIP is n.n.n.80. I've got the forward_shared patch applied on the director: 

# cat /proc/sys/net/ipv4/conf/all/forward_shared
1
Well, the ../all/* simply means that the feature globally is enabled now. However within the interface definition (aka ../ethX/*) it might be disabled, nevertheless. Could you please check if it's enabled per default? 

On a side note, an explanation of the flags all, default and others:

http://marc.theaimsgroup.com/?l=linux-virtual-server&m=97932487110806&w=2


# ipvsadm -l -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  217.8.220.80:25 rr
  -> 217.8.220.73:25              Route   1      0          0


Weren't the RS in the 88.198/16 range? I'm a bit confused.


The default route on the the real server (just server#2 for now) points
to the director at n.n.n.72.
I've got an external client on 88.198.n.n. 
I was trying to see what path responses from server#2 would take to get
back to the client, so I did some tracerouting and pinging, and this is
where something odd happened (odd to me anyway).

On the first traceroute from server#2 to my client at 88.198.n.n., I see
the path going through my director, looks good.  On a subsequent
traceroute, the director is skipped and instead the path goes straight
to my default gateway.  When I tried pinging instead I saw this:


1) DGW for RS2 should be the director
2) have you played with {send,accept}_redirect?


# ping  88.198.7.133
PING 88.198.7.133 (88.198.7.133) 56(84) bytes of data.

From 217.8.220.72: icmp_seq=1 Redirect Host(New nexthop: 217.8.220.66)


I'll be doing some more googling, but I thought someone might recognise
this right away?


PMTU and ICMP redirect. The director should not do that :).
Since I'm not sure anymore if I understand your network setup, would it be possible for you to send along a ASCII-sketch (no tabs, please) with IP addresses? 

Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: LVS-TUN setup - responses from realserver not being let through, Per Jessen
Next by Date:  Re: LVS-TUN setup - responses from realserver not being let through, Joseph Mack NA3T
Previous by Thread:  Re: LVS-TUN setup - responses from realserver not being let through, Roberto Nibali
Next by Thread:  Re: LVS-TUN setup - responses from realserver not being let through, Per Jessen
Indexes:  [Date] [Thread] [Top] [All Lists]