Re: [lvs-users] Curl request from linux director to the virtual ip addre

To:	Julian Anastasov <ja@xxxxxx>
Subject:	Re: [lvs-users] Curl request from linux director to the virtual ip address times out
Cc:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From:	Viktor Nonov <viktor@xxxxxxxxxxxxxxxx>
Date:	Thu, 16 Aug 2018 11:47:30 -0700

Hello Julian,

Your answer helped me solve the problem:

Since the box has its public facing interface setup with $DIP and an alias
interface for the $VIP I needed to make one more additional setting shown
below.

Replacing the route enabled successfully sending and delivering  the SYN
packet to one of the real servers, but the SYN-ACK packet that was received
was considered by the kernel a martian packet since the source IP was $VIP
(assigned to the director's local interface) and destination IP - the $DIP.
This was solved by setting accept_local to 1:
sysctl -w net.ipv4.conf.all.accept_local=1

So in summary:
ip route replace local $VIP dev $DEV proto kernel scope host src $DIP
sysctl -w net.ipv4.conf.all.accept_local=1

Not sure if setting accept_local to 1 will lead to other problems, but
everything works okay for now.

Thanks for you help,
Viktor

On Wed, Aug 8, 2018 at 10:33 PM Julian Anastasov <ja@xxxxxx> wrote:

>
>         Hello,
>
> On Wed, 8 Aug 2018, Viktor Nonov wrote:
>
> > I have a pretty simple setup for 2 real servers getting direct routing
> from
> > a linux director.
> > [image: unnamed.png]
> > Things work great for clients outside of the network (like from my local
> > machine), but if I try to make a request (through curl) to the VIP from
> the
> > Linux Director machine, I get a timeout & no requests make it to the Real
> > Server.
> >
> > Any pointers?
>
>         Probably because VIP is used as source IP in director. Try
> ip route replace local $VIP dev $DEV proto kernel scope host src $DIP
>
> where VIP is your virtual IP and DIP is your unique IP in director.
> Before that you can see the route that is to be replaced with
> ip route list table local
>
> Regards
>
> --
> Julian Anastasov <ja@xxxxxx>
>
-- 
Viktor Nonov
Software Engineer
<img src="
https://googledrive.com/host/0B4qfwyJLCrqPWDAwLXpYbmY4OGM/signature_logo.jpg
">
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] Curl request from linux director to the virtual ip address times out, Viktor Nonov Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Julian Anastasov Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Viktor Nonov <= Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Carl S. Gutekunst Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Julian Anastasov

Previous by Date:	Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Julian Anastasov
Next by Date:	Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Carl S. Gutekunst
Previous by Thread:	Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Julian Anastasov
Next by Thread:	Re: [lvs-users] Curl request from linux director to the virtual ip address times out, Carl S. Gutekunst
Indexes:	[Date] [Thread] [Top] [All Lists]