Re: [lvs-users] question about LVS

[Michiel van Es <mve@xxxxxxxxxxxxxxxxx>]

-------- Original Message --------
Subject: Re: [lvs-users] question about LVS
From: Ryan Manikowski <ryan@xxxxxxxxxxx>
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Date: 05/03/2010 04:19 PM

> On 5/3/2010 9:41 AM, Michiel van Es wrote:
>> Could it be that server1 isn't working correctly that the LVS DR does
>> not route traffic to that server?
>>
>> It can connect:
>>
>> root@vps704:~/scripts# telnet server1.pcintelligence.nl 25
>> Trying 194.145.200.17...
>> Connected to server1.pcintelligence.nl.
>> Escape character is '^]'.
>> 220 PCIntelligence mailserver 1 - mx1.pcintelligence.nl ESMTP
>> quit
>> 221 PCIntelligence mailserver 1 - mx1.pcintelligence.nl
>> Connection closed by foreign host.
>>
>>
>> But I keep getting forward only to real server2:
>>
>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>> Connection closed by foreign host.
>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>> Trying 194.145.200.87...
>> telnet: Unable to connect to remote host: No route to host
>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>> Trying 194.145.200.87...
>> Connected to 194.145.200.87.
>> Escape character is '^]'.
>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>> quit
>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>> Connection closed by foreign host.
>>
>>
>> And because it is RR, that is perhaps why I get the first time server2
>> and the 2nd time server1 and I get the telnet: Unable to connect to
>> remote host: No route to host
>>
>> What should I check on server1?
>> I also tried to change the weight on the LVS DR server from server 1 to
>> 2 so it would get more hits but no avail:
>>
>> I am running this on the LVS server:
>>
>> #!/bin/bash
>> #---------------mini-rc.lvs_dr-director------------------------
>> #set ip_forward OFF for lvs-dr director (1 on, 0 off)
>> #(there is no forwarding in the conventional sense for LVS-DR)
>> cat       /proc/sys/net/ipv4/ip_forward
>> echo "0">/proc/sys/net/ipv4/ip_forward
>>
>> #director is not gw for realservers: leave icmp redirects on
>> echo 'setting icmp redirects (1 on, 0 off) '
>> echo "1">/proc/sys/net/ipv4/conf/all/send_redirects
>> cat       /proc/sys/net/ipv4/conf/all/send_redirects
>> echo "1">/proc/sys/net/ipv4/conf/default/send_redirects
>> cat       /proc/sys/net/ipv4/conf/default/send_redirects
>> echo "1">/proc/sys/net/ipv4/conf/eth0/send_redirects
>> cat       /proc/sys/net/ipv4/conf/eth0/send_redirects
>>
>> #add ethernet device and routing for VIP 194.145.200.87
>> /sbin/ifconfig eth0:110 194.145.200.87 broadcast 194.145.200.87 netmask
>> 255.255.255.255
>> /sbin/route add -host 194.145.200.87 dev eth0:110
>> #listing ifconfig info for VIP 194.145.200.87
>> /sbin/ifconfig eth0:110
>>
>> #check VIP 194.145.200.87 is reachable from self (director)
>> /bin/ping -c 1 194.145.200.87
>> #listing routing info for VIP 194.145.200.87
>> /bin/netstat -rn
>>
>> #setup_ipvsadm_table
>> #clear ipvsadm table
>> /sbin/ipvsadm -C
>> #installing LVS services with ipvsadm
>> #add smtp to VIP with round robin scheduling
>> /sbin/ipvsadm -A -t 194.145.200.87:smtp -s rr
>>
>> #forward smtp to realserver using direct routing with weight 1
>> /sbin/ipvsadm -a -t 194.145.200.87:smtp -r 194.145.200.17 -g -w 2
>> #check realserver reachable from director
>> ping -c 1 194.145.200.17
>>
>> #forward smtp to realserver using direct routing with weight 1
>> /sbin/ipvsadm -a -t 194.145.200.87:smtp -r 194.145.200.171 -g -w 1
>> #check realserver reachable from director
>> ping -c 1 194.145.200.171
>>
>> #displaying ipvsadm settings
>> /sbin/ipvsadm
>>
>> #not installing a default gw for LVS_TYPE vs-dr
>> #---------------mini-rc.lvs_dr-director------------------------
>>
>>
>> And on the real servers:
>>
>> #!/bin/bash
>> #----------mini-rc.lvs_dr-realserver------------------
>> #installing default gw 192.168.1.254 for vs-dr
>> #/sbin/route add default gw 192.168.1.254
>> #showing routing table
>> /bin/netstat -rn
>> #checking if DEFAULT_GW 192.168.1.254 is reachable
>> #ping -c 1 192.168.1.254
>>
>> #set_realserver_ip_forwarding to OFF (1 on, 0 off).
>> echo "0">/proc/sys/net/ipv4/ip_forward
>> cat       /proc/sys/net/ipv4/ip_forward
>>
>> #looking for DIP 192.168.1.9
>> ping -c 1 194.145.200.86
>>
>> #looking for VIP (will be on director)
>> ping -c 1 194.145.200.87
>>
>> #install_realserver_vip
>> /sbin/ifconfig lo:110 194.145.200.87 broadcast 194.145.200.87 netmask
>> 0xffffffff up
>> #ifconfig output
>> /sbin/ifconfig lo:110
>> #installing route for VIP 194.145.200.87 on device lo:110
>> /sbin/route add -host 194.145.200.87 dev lo:110
>> #listing routing info for VIP 194.145.200.87
>> /bin/netstat -rn
>>
>> #hiding interface lo:110, will not arp
>> #echo "1">/proc/sys/net/ipv4/conf/all/hidden
>> #cat       /proc/sys/net/ipv4/conf/all/hidden
>> #echo "1">/proc/sys/net/ipv4/conf/lo/hidden
>> #cat       /proc/sys/net/ipv4/conf/lo/hidden
>> echo 1>  /proc/sys/net/ipv4/conf/eth0/arp_ignore
>> echo 2>  /proc/sys/net/ipv4/conf/eth0/arp_announce
>> echo 1>  /proc/sys/net/ipv4/conf/all/arp_ignore
>> echo 2>  /proc/sys/net/ipv4/conf/all/arp_announce
>>
>> #----------mini-rc.lvs_dr-realserver------------------
>>
>>
>> Am I missing something?
>> I found it awkward it server1 does not give a banner..I think LVS sees
>> the server up (server1) but something goes wrong with the return traffic
>> so that is perhaps why I sometimes get the 'Unable to connect to remote
>> host: No route to host'
>>
>> How can I troubleshoot and confirm this?
>>
>> Kind Regards,
>>
>> Michiel
>>
>> -------- Original Message --------
>> Subject: Re: [lvs-users] question about LVS
>> From: Michiel van Es<mve@xxxxxxxxxxxxxxxxx>
>> To: LinuxVirtualServer.org users mailing list.
>> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>> Date: 05/03/2010 02:39 PM
>>
>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: [lvs-users] question about LVS
>>> From: Michael Schwartzkopff<misch@xxxxxxxxxxx>
>>> To: LinuxVirtualServer.org users mailing list.
>>> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>>> Date: 05/03/2010 02:34 PM
>>>
>>>
>>>> Am Montag, 3. Mai 2010 14:31:32 schrieb Michiel van Es:
>>>>
>>>>> So to get it right:
>>>>>
>>>>> On the director:
>>>>>     >>>>    net.ipv4.ip_forward = 1
>>>>>
>>>>> On the real servers:
>>>>>     >>>>    net.ipv4.conf.all.arp_ignore = 1
>>>>>     >>>>    net.ipv4.conf.eth0.arp_ignore = 1
>>>>>     >>>>    net.ipv4.conf.all.arp_announce = 2
>>>>>     >>>>    net.ipv4.conf.eth0.arp_announce = 2
>>>>>
>>>>> No forwarding on the real servers right?
>>>>>
>>>> Correct
>>>>
>>> Thanks.
>>>
>>> I still got the same results:
>>>
>>> I only connect to server2 and never to server1, also 1 of the 2 times I
>>> get a 'No route to host':
>>>
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> Connected to 194.145.200.87.
>>> Escape character is '^]'.
>>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>>> quit
>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>> Connection closed by foreign host.
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> telnet: Unable to connect to remote host: No route to host
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> Connected to 194.145.200.87.
>>> Escape character is '^]'.
>>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>>> quit
>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>> Connection closed by foreign host.
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> telnet: Unable to connect to remote host: No route to host
>>>
>>>
>>>
>>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> Just curious, can you telnet from 194.145.200.87 to 194.145.200.171:25?
> Sounds as though the host at .171 is either a) not listening on port 25
> or b) firewall rules (iptables) are preventing the connection from being
> established. From experience, both will cause 'no route to host' errors.

Both are working and listening and available from the LVS-DR:

root@vps704:~/scripts# telnet server1.pcintelligence.nl 25
Trying 194.145.200.17...
Connected to server1.pcintelligence.nl.
Escape character is '^]'.
220 PCIntelligence mailserver 1 - mx1.pcintelligence.nl ESMTP
quit
221 PCIntelligence mailserver 1 - mx1.pcintelligence.nl
Connection closed by foreign host.
root@vps704:~/scripts# telnet server2.pcintelligence.nl 25
Trying 194.145.200.171...
Connected to server2.pcintelligence.nl.
Escape character is '^]'.
220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
quit
221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
Connection closed by foreign host.

Kind regards,

Michiel

>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users