Re: [lvs-users] LVS-DR problem.

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-DR problem.
From: Anil Sharma <toanilsharma1@xxxxxxxxx>
Date: Fri, 20 Feb 2009 13:22:03 +0530
Have you checked your firewall configuration? Direct routing is sometimes not
permitted by the network setup; it treats DR as IP spoofing.
I tried DR but it didn't work, but TUNNELING would surely work. Remember, all the
servers should be under the same router; otherwise your packets would be dropped
at the foreign router.

Configure your Ldirector this way


negotiatetimeout=10
checktimeout=10
checkinterval=30
checkcount=10
autoreload=no
logfile="/var/log/ldirectord.log"

virtual=yourVIP:443
        real=RS1IP:443 ipip  ## this is IPIP encapsulation
        real=RS2IP:443 ipip
        service=https
        request="/www/test.html" # this is the test file for Ldirector to test the health of RS
        receive="300"
        scheduler=sh # this scheduler is for source hashing
        protocol=tcp
        checktype=negotiate
virtual=yourVIP:1369   # you may add more than 1 virtual service in Ldirector
        real=RS1IP:1369 ipip
        real=RS2IP:1369 ipip
        checkport=369
        service=ldap
        request="dc=yourSuffix"
        receive="dc=yourSuffix"
        scheduler=rr  # this is for round robin
        protocol=tcp
        checktype=negotiate


Configure the tunnel on your real servers like this.

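# Bring up the IPIP tunnel interface and put the VIP on it
ifconfig tunl0 0.0.0.0 up;
ifconfig tunl0 yourVIP netmask 255.255.255.255 broadcast yourVIP;
# "hidden" exists only on kernels carrying the hidden patch
echo "1" > /proc/sys/net/ipv4/conf/all/hidden;
echo "1" > /proc/sys/net/ipv4/conf/tunl0/hidden;
# Restrict ARP replies and announcements so the real server does not advertise the VIP
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore;
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce;
echo "1" > /proc/sys/net/ipv4/conf/tunl0/arp_ignore;
echo "2" > /proc/sys/net/ipv4/conf/tunl0/arp_announce;
# Turn off reverse-path filtering on tunl0 and enable IP forwarding
echo "0" > /proc/sys/net/ipv4/conf/tunl0/rp_filter;
echo "1" > /proc/sys/net/ipv4/ip_forward;
# Stop the host firewall
/etc/init.d/arno-iptables-firewall stop;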

Now start your Ldirector:   ldirectord start

Good Luck

Regards
Anil Sharma


On Fri, Feb 20, 2009 at 12:05 PM, Meghanand Acharekar <
vasco.postfix@xxxxxxxxx> wrote:

> Hi,
> I am having following configuration of LVS Cluster.
> All servers in the following configuration have Public IP and can access
> internet.
>
> I want to setup Linux-DR
>
> Master/ Director
> IP address = 192.168.0.1
> Gateway = 192.168.0.254
> VIP = 192.168.2.1
>
> Realserver 1
> IP Address = 192.168.2.2
> Gateway = 192.168.2.254
> Netmask = 255.255.255.224
>
> Realserver 2
> IP Address = 192.168.2.3
> Gateway = 192.168.2.254
> Netmask = 255.255.255.224
>
>
> All the systems are CENTOS 5.2
>
> I enabled packet forwarding on Director using
> also disabled arp request
>
> My sysctl -p output on the realservers is as follows
> [root@localhost ~]# sysctl -p
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 4294967295
> kernel.shmall = 268435456
> net.ipv4.conf.eth0.arp_ignore = 1
> net.ipv4.conf.eth0.arp_announce = 2
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
>
> I configured VIP on Director using following command
> ifconfig eth1 192.168.2.1 broadcast 192.168.2.255 netmask 255.255.0.0
>
> I am running smtp service on both the realservers,
>
> Did all stuff with ipvsadm
>
> but still not able to telnet 192.168.2.1 25
>
> it gives me
>
> Trying 216.185.60.11...
> telnet: Unable to connect to remote host: No route to host
>
> but I am able to ping 216.185.60.1
>
> Not able to find out the prob,
>
> Thanx in adv.
>
> Meghanand Acharekar
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
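A read-only check of the sysctl values the reply above writes on a real server, run against a dump shaped like the `sysctl -p` output quoted in the thread. This is an added example, not part of the original messages; the function name `audit_rs_sysctl`, the `--live` switch and the `SAMPLE` dump are constructed here, and the `hidden` keys are left out because they exist only on kernels with the hidden patch.

```shell
#!/bin/sh
# Added example: compare a sysctl dump with the settings from the reply.

# Expected values, taken from the echo commands in the reply.
EXPECTED='net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.tunl0.arp_ignore=1
net.ipv4.conf.tunl0.arp_announce=2
net.ipv4.conf.tunl0.rp_filter=0
net.ipv4.ip_forward=1'

# Constructed sample, modelled on the quoted "sysctl -p" output.
SAMPLE='net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2'

# audit_rs_sysctl DUMP
# Prints "MISSING key want=N" or "MISMATCH key want=N got=M" per deviation.
# Returns 0 when every expected key matches, 1 otherwise.
audit_rs_sysctl() {
    dump=$1
    rc=0
    while IFS='=' read -r key want; do
        # Last assignment in the dump wins; spaces around "=" are ignored.
        got=$(printf '%s\n' "$dump" | awk -F'=' -v k="$key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2; found = 1 }
            END { print (found ? v : "__missing__") }')
        if [ "$got" = "__missing__" ]; then
            echo "MISSING $key want=$want"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key want=$want got=$got"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Audit the running host only when asked to.
if [ "${1:-}" = "--live" ]; then
    audit_rs_sysctl "$(sysctl -a 2>/dev/null)"
fi
```

On the sample dump the three `tunl0` keys are reported as missing, since the quoted output sets the ARP values on `eth0` and `all` only.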