
Re: [lvs-users] LVS-TUN BUG? - Intermittent incorrect source IP in TUN h

To: Michael Vallaly <lvs@xxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS-TUN BUG? - Intermittent incorrect source IP in TUN header for non-local realsevers (PBR no help)
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 18 Jun 2015 10:45:12 +0300 (EEST)

        Hello,

On Wed, 17 Jun 2015, Michael Vallaly wrote:

> IPVS clusters with realservers on a remote L3 network (FWM 254), IPVS
> encapsulates the original packet (src 8.8.8.8 dst 4.4.4.4) in an IP
> header (src 192.168.254.15 dst 192.168.254.48) and emits the packet via
> the vlan500 interface passing it to the L2 (mac address) of
> 192.168.254.1. 
> 
> This worked swimmingly well until I noticed that very intermittently
> the following happens:
> 
> IPVS encapsulates the original packet (src 8.8.8.8 dst 4.4.4.4) in an IP
> header (src 172.23.10.11 dst 192.168.254.48) and emits the packet via
> the vlan500 interface passing it to the mac address of 192.168.254.1.
> (NOTE: the use of 172.23.10.11 rather than the expected 192.168.254.48
> source IP in the TUN header)

        Maybe IP 192.168.254.15 was removed?

        __ip_vs_get_out_rt should provide previous saddr but
after commit 026ace060dfe ("ipvs: optimize dst usage for real server")
we always provide 0.0.0.0 as initial source, so
do_output_route4 should always get fresh source address
and then will get second route with this source.

        So, now on dst_cache refresh we do not try
to preserve the previous saddr.

        If you see different address here, it means
it is returned by routing. The routing cache does
not keep source addresses but nexthops can remember
source returned by fib_info_update_nh_saddr. It
should be from the same subnet because you have
"via 192.168.254.1". Otherwise, first address from
device or system is returned.

        Also __ip_vs_dst_cache_reset is called on
dest add/edit, for dests coming from trash...
I'll think more on this problem but for now I don't
see what can be the cause.

> So in the last 24 hours out of 1.5M packets emitted by IPVS on vlan500
> (FWM 254) I had 349 packets which get emitted with the wrong source IP
> address in the Tunnel IP header. The periods where the wrong source IP
> is used by IPVS seem to last for ~2-5min at a time, and affect all
> traffic in the LVS cluster with remote L3 realservers. 

        Do you see the same IP/routing config when this
happens?

Regards

--
Julian Anastasov <ja@xxxxxx>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
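
One way to count the intermittent wrong-source packets discussed in this thread, as an added example that is not part of the original message or of IPVS: it parses raw IPv4 packets (for instance, read from a capture on vlan500) and flags IPIP packets to the realserver whose outer source differs from the expected one. The function names and sample packets are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IPv4-in-IPv4, the encapsulation used by LVS-TUN

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) for one IPv4 packet; raise ValueError if malformed."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", buf[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    # Trust total_len only when it is sane; captures may be truncated (snaplen).
    end = min(total_len, len(buf)) if total_len >= ihl else len(buf)
    return src, dst, buf[9], buf[ihl:end]

def check_tunnel_packet(buf, expected_src, realservers):
    """None if buf is not an IPIP packet to a realserver; otherwise a dict whose
    'ok' is False when the outer (tunnel) source is not expected_src."""
    o_src, o_dst, proto, payload = parse_ipv4(buf)
    if proto != IPPROTO_IPIP or o_dst not in realservers:
        return None
    i_src, i_dst, _proto, _rest = parse_ipv4(payload)
    return {"outer_src": str(o_src), "outer_dst": str(o_dst),
            "inner_src": str(i_src), "inner_dst": str(i_dst),
            "ok": o_src == expected_src}

def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def sample_results():
    """Run the check over three constructed packets using the thread's addresses."""
    inner = build_ipv4("8.8.8.8", "4.4.4.4", 6)
    good = build_ipv4("192.168.254.15", "192.168.254.48", IPPROTO_IPIP, inner)
    bad = build_ipv4("172.23.10.11", "192.168.254.48", IPPROTO_IPIP, inner)
    plain = build_ipv4("192.168.254.15", "192.168.254.48", 6)  # not tunnelled
    expected = ipaddress.IPv4Address("192.168.254.15")
    realservers = {ipaddress.IPv4Address("192.168.254.48")}
    return [check_tunnel_packet(p, expected, realservers) for p in (good, bad, plain)]

if __name__ == "__main__":
    for result in sample_results():
        print(result)
```

Logging a timestamp next to each flagged packet makes it possible to line the 2-5 minute windows up against address and route changes on the director.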
