
Re: [lvs-users] Another newbie question

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Another newbie question
From: Romain Meillon <r.meillon@xxxxxxxxxxxx>
Date: Wed, 13 Apr 2011 17:43:26 +0200
Thanks for your reply

When the real server answers to the client through the IPVS, the packet
is 'un-NATed' and arrives at the client with the public IP as source.

If I use direct routing, the IPVS redirects the packet without NAT so
the services need to listen on the public IP, on the real server?

Real server tcpdump in gate mode:

17:30:25.934418 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934423 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934467 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934471 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934516 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934538 IP 10.254.0.100 > <CLIENT_IP>: ICMP time exceeded in-transit, length 56

No service listening on this IP, no connection established, normal.

There is something I missed

2011/4/13 David Coulson <david@xxxxxxxxxxxxxxxx>:
> On 4/13/11 10:45 AM, Romain Meillon wrote:
>>
>> 16:31:55.428339 IP <CLIENT_IP>.59856 > 10.254.0.100.25: S 4217040225:4217040225(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 16:31:55.428402 IP 10.254.0.100.25 > <CLIENT_IP>.59856: S 2200826876:2200826876(0) ack 4217040226 win 5840 <mss 1460,nop,nop,sackOK>
>> 16:31:55.474609 IP <CLIENT_IP>.59856 > 10.254.0.100.25: . ack 1 win 64240
>> 16:31:55.505497 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack 1 win 5840
>> 16:31:58.505138 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack 1 win 5840
>>
>> If someone can enlighten me I would be delighted :)
>
> When you use Masq the response has to route back through the IPVS server to
> 'un-NAT' the packet. You may be better off using direct/gateway routing,
> which handles this type of asymmetric routing.
>
> David
>

-- 
Romain
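
Added example, not part of the original thread: a small Python classifier for real-server captures like the two shown above. It separates a client SYN that is seen repeatedly, never answered and followed by an ICMP time exceeded from a completed handshake whose server payload is retransmitted. The function name, the result labels and the sample addresses (198.51.100.7 as client, 203.0.113.10 as public IP) are assumptions made for this illustration.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line: time IP src.port > dst.port: flags [seq:seq(len)] rest
TCP_RE = re.compile(r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
                    r"(?P<flags>[SFPR.]+)(?: (?P<seq>\d+:\d+)\(\d+\))?(?P<rest>.*)$")

def classify(capture: str, service_port: int = 25) -> str:
    """Classify a capture taken on the real server by its TCP symptom."""
    syns, data = Counter(), Counter()
    synack = ttl_exceeded = False
    for line in capture.strip().splitlines():
        line = line.strip()
        if "ICMP time exceeded" in line:
            ttl_exceeded = True      # a hop forwarded the packet until TTL reached 0
            continue
        m = TCP_RE.match(line)
        if not m:
            continue
        inbound = int(m["dport"]) == service_port
        acks = " ack " in m["rest"]
        if "S" in m["flags"] and inbound and not acks:
            syns[(m["src"], m["sport"], m["seq"])] += 1   # client SYN
        elif "S" in m["flags"] and acks:
            synack = True                                  # the service answered
        elif "P" in m["flags"] and not inbound:
            data[m["seq"]] += 1                            # server payload segment
    if syns and not synack:
        looped = max(syns.values()) > 1 and ttl_exceeded
        return "syn-forwarded-in-loop" if looped else "syn-unanswered"
    if synack and data and max(data.values()) > 1:
        return "server-data-retransmitted"
    return "handshake-ok" if synack else "no-tcp-seen"

# Constructed samples modelled on the two captures in this thread.
GATE_MODE = """
17:30:25.934418 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934423 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934467 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934538 IP 10.254.0.100 > 198.51.100.7: ICMP time exceeded in-transit, length 56
"""
NAT_MODE = """
16:31:55.428339 IP 198.51.100.7.59856 > 10.254.0.100.25: S 4217040225:4217040225(0) win 8192 <mss 1460,nop,nop,sackOK>
16:31:55.428402 IP 10.254.0.100.25 > 198.51.100.7.59856: S 2200826876:2200826876(0) ack 4217040226 win 5840 <mss 1460,nop,nop,sackOK>
16:31:55.474609 IP 198.51.100.7.59856 > 10.254.0.100.25: . ack 1 win 64240
16:31:55.505497 IP 10.254.0.100.25 > 198.51.100.7.59856: P 1:49(48) ack 1 win 5840
16:31:58.505138 IP 10.254.0.100.25 > 198.51.100.7.59856: P 1:49(48) ack 1 win 5840
"""
```

The "syn-forwarded-in-loop" result is consistent with the real server not holding the destination address locally; the "server-data-retransmitted" result only reports that the server's payload was resent, not why.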
