LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] TCP Connection Sync Problems RHEL

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] TCP Connection Sync Problems RHEL
From: "Frank Kirschner" <frank@xxxxxxxxxxxx>
Date: Tue, 29 Jul 2014 07:26:25 +0200
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Lloyd Brown
> Sent: Tuesday, July 29, 2014 12:58 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: [lvs-users] TCP Connection Sync Problems RHEL
> 
> Hi, all.
> 
> I'm currently testing a RHEL 6.5 based LVS Director setup for 
> load balancing SSH connections.  I've used Debian directors 
> for a number of years, and they've worked great, but for some 
> reason, the RHEL directors aren't acting the way I'm expecting.
> 
> Basically I'm seeing two things:
> - The backup director doesn't seem to be getting the client 
> connection info synchronized
> - The connection info (eg. the output of "ipvsadm -L -c") 
> doesn't show the connection closing.  Instead it stays in 
> "ESTABLISHED" state until it times out.
> 
> I'm not really sure how to troubleshoot the second issue.  So 
> for now, I'm focusing on the first, the one about the 
> connection sync problem.  I did capture the packets between 
> the two directors, using tcpdump, and when I open the capture 
> file in wireshark, I see "Connection Count: 0".
>  When I do a similar capture on my working Debian directors, 
> I see non-zero connection count, and the details of the 
> specific connections, in the wireshark analysis.
> 
> Any thoughts here?  How do I go about finding the problem 
> here?  Should I be looking at kernel code? ipvsadm code?
> 
> I'm using keepalived to manage this, so I'll include that 
> .conf file here, as well as example capture files from my 
> working Debian setup, and the non-working RHEL test setup.  
> Note that the packet captures also include the VRRP sync 
> packets, but they can be ignored.
> 
> Both directors are basically stock RHEL 6.5, running kernel 
> 2.6.32-431.17.1.el6.x86_64, keepalived-1.2.7, and ipvsadm-1.25.
> 
> If anyone can point me in the right direction on how to 
> diagnose this, I'd appreciate it.
> 
> Thanks,
> 

Hi Lloyd,

do you have disables SELinux for the RHEL hosts? By the way: also set the
firewall to accept all (later if all is working you should set up a firewall
of cause)

I wich way you communicate the keepalived between the two directors? Over
Ethernet or serial cable?

best regards
Frank

mfg
Frank Kirschner

==============================
Frank Kirschner
IT Services
Celebrate Records GmbH
Am Birkenwaeldchen 2
09366 Stollberg
Germany
mail: frank@xxxxxxxxxxxx
web: www.celebrate.de
fon: +49 37296 9201 60
fax: +49 37296 9201 75
CEO: Carsten Haupt
USt ID: DE 812 617 147
Registered at Country Court Chemnitz
HRB ID: 16308
------------------------------
PGP-Key is available at pgp.mit.edu
------------------------------




_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>