Hello there,
I'm quite new to LVS and ldirectord, so please be patient if what I'm
asking has been asked before. I tried to solve my problem by searching
this list's archive but either my search-fu left me or nobody has
encountered this issue yet.
I currently have a 4 machine setup, all running a service on port 1234
udp. Machines a and b both run both the service and ldirectord, c and d
only run my service. Machines a and b have a failover ip address,
ldirectord state is not synched (yet). The scheduler is rr.
Currently the machine (the active one, either a or b) that has the
failover ip address marks its incoming packages with 0x9, my virtual
server uses fwm as protocol, matches mark 9 and distributes to all 4
servers. The other machine (the passive one) does not mark packages at
all. Active/passive is done with pacemaker.
My problem is this: If I do a failover and switch over my ip address for
whatever reasons, let's say from machine a to machine b, I get circling
packages and therefore some connections remain. Normally this shouldn't
happen because incoming packages at the passive machine should not get
tagged anymore and therefore should get handed to my service directly
without lvs involved. This somehow is not the case. To me it looks like
lvs ignores my virtual server config as long as it already has a
matching "connection". This is only a wild guess, though. What I
see is that lvs/ldirectord on my active machine dispatches packages to
my now-passive machine which dispatches them right back. ipvsadm -Ln
shows me that those circling packages keep alive previously existing
connections and therefore keep on circling.
My ldirectord.cf looks like this:

autoreload = yes
checkinterval = 1
checktimeout = 2
quiescent = no
readdquiescent = yes
failurecount = 3
fork = yes
cleanstop = yes
logfile = "/var/log/ldirectord.log"
virtual = 9
        checktype = negotiate
        checkport = 1234
        protocol = fwm
        real = 192.168.1.2:1234 gate
        real = 192.168.1.3:1234 gate
        real = 192.168.1.4:1234 gate
        real = 192.168.1.5:1234 gate
        scheduler = rr
        service = http

I mark packages on my active machine using this iptables/netfilter rule:

/usr/sbin/iptables -t mangle -I PREROUTING -i ethX -p udp -m udp -d 192.168.1.1 --dport 1234 -j MARK --set-mark 0x9

Obviously 192.168.1.1 is my virtual server/failover ip, 192.168.1.2-4
are my physical servers. 2 and 3 are my machines a and b.
This is what my ipvsadm -Ln looks like when the above problem occurs:
Machine a:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  9 rr
  -> 192.168.1.2:1234             Route   1      0          0
  -> 192.168.1.3:1234             Route   1      0          5
  -> 192.168.1.4:1234             Route   1      0          0
  -> 192.168.1.5:1234             Route   1      0          0
Machine b:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  9 rr
  -> 192.168.1.2:1234             Route   1      0          5
  -> 192.168.1.3:1234             Route   1      0          0
  -> 192.168.1.4:1234             Route   1      0          0
  -> 192.168.1.5:1234             Route   1      0          0
These 5 connections stay there for a long time. If I use iptables to
block port 1234/udp between those machines these connections die away
quickly.
Please give me a hint on how to resolve this issue or where to find
documentation that describes how to resolve it.
Thanks in Advance,
Sascha Schneider
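
An added example, not part of the original post: a small Python check that reads the `ipvsadm -Ln` tables of both directors and reports the symptom described above, where each director holds connection entries pointing at the other. The function names are hypothetical; the sample tables are the two listings from the post with the header lines left out, and the directors' own real addresses (192.168.1.2 and 192.168.1.3) are taken from the post.

```python
import re

# `ipvsadm -Ln` tables from the post (headers omitted), one per director.
MACHINE_A = """FWM  9 rr
  -> 192.168.1.2:1234  Route  1  0  0
  -> 192.168.1.3:1234  Route  1  0  5
  -> 192.168.1.4:1234  Route  1  0  0
  -> 192.168.1.5:1234  Route  1  0  0
"""
MACHINE_B = """FWM  9 rr
  -> 192.168.1.2:1234  Route  1  0  5
  -> 192.168.1.3:1234  Route  1  0  0
  -> 192.168.1.4:1234  Route  1  0  0
  -> 192.168.1.5:1234  Route  1  0  0
"""
SERVICE = re.compile(r"^(TCP|UDP|SCTP|FWM)\s+(\S+)")
# Columns: ip:port, Forward, Weight, ActiveConn, InActConn
REAL = re.compile(r"^\s*->\s+(\d+(?:\.\d+){3}):\d+\s+\S+\s+\d+\s+(\d+)\s+(\d+)\s*$")

def parse_ipvsadm(text):
    """Return {service: {real_ip: ActiveConn + InActConn}}; header lines are skipped."""
    table, current = {}, None
    for line in text.splitlines():
        if m := SERVICE.match(line):
            current = table.setdefault(f"{m[1]} {m[2]}", {})
        elif (m := REAL.match(line)) and current is not None:
            current[m[1]] = int(m[2]) + int(m[3])
    return table

def forwarding_loops(directors):
    """directors maps each director's own real IP to its ipvsadm output.
    Returns (service, ip_x, ip_y) for every pair that forwards to each other."""
    tables = {ip: parse_ipvsadm(text) for ip, text in directors.items()}
    ips, loops = sorted(tables), []
    for i, x in enumerate(ips):
        for y in ips[i + 1:]:
            for svc in sorted(tables[x].keys() & tables[y].keys()):
                if tables[x][svc].get(y, 0) > 0 and tables[y][svc].get(x, 0) > 0:
                    loops.append((svc, x, y))
    return loops

if __name__ == "__main__":
    found = forwarding_loops({"192.168.1.2": MACHINE_A, "192.168.1.3": MACHINE_B})
    for svc, x, y in found:
        print(f"{svc}: {x} and {y} hold connection entries toward each other")
```

An entry in one direction only is normal, since the active director schedules to the other machine as a real server; the check flags only the case where both tables have entries at the same time.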