LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: PPPoE and LVS router

from [Joseph Mack NA3T] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: PPPoE and LVS router
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Sat, 17 Mar 2007 17:14:28 -0700 (PDT) 
On Sat, 17 Mar 2007, Hideki wrote:


Hi.
I have currently set up LVS like this,

| WAN : Internet | - | PPPoE Router + LVS | - | LAN : 2 real servers |
The PPPoE router is a single machine (for now) which handles the PPPoE connection as well as LVS (in NAT form with least connection forwarding method) toward its real servers (HTTP) in the LAN. When I access the LVS from inside the LAN, the requests get passed to the real servers and back to the client fine. But when accessed from the WAN, the machines stop responding after the content size goes beyond 1402 bytes. I just guessed this has something to do with PPPoE packet size and that is the reason server stops responding right after the size becomes 1403 bytes big.
hmm. icmp need_defrag packets are not getting back to the internet side of the PPPoE segment. They may not be being generated. It would help to debug the problem to know what's going on in this regard. Can you run tcpdump on the outside of the director on a client connection with < 1402 and >1402 bytes and see if the icmp packet is generated? If it is, can you figure out why the icmp packet is not making it to the client?
Noone has ever mentioned using PPPoE with LVS before, so I can't come out and say that we know it works. (I would have hoped it did, but that's not the same thing.)
What happens if you just have a bare realserver on the server end (ie rather than doing through the director)? PPPoE must be a solved problem already - presumably it's working everywhere else for packets > 1402. 



I have a 2.6.19 kernel and version 1.24 of ipvsadm.
In the iptables on the router, I have the mss fix packet mangling, so that SNAT works fine fetching data from the internet back to the LAN machines.
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp0 -j TCPMSS --clamp-mss-to-pmtu
does this help or do nothing? If PMTU is working, you shouldn't need this (clamping mss to the pmtu size sounds like a no-op to me). If PMTU is not working, then you'll need something like the command in the HOWTO section on LVS-Tun to handle the reduced payload for ipip packets. If that fixes it, then we've got another bug. 

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  PPPoE and LVS router, Hideki
Next by Date:  Re: SNAT Confusion, Joseph Mack NA3T
Previous by Thread:  PPPoE and LVS router, Hideki
Next by Thread:  Re: PPPoE and LVS router, Hideki
Indexes:  [Date] [Thread] [Top] [All Lists]