Re: [lvs-users] DR : real server unable to reach VIP

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: [lvs-users] DR : real server unable to reach VIP
From:	Florent B <florent@xxxxxxxxxxx>
Date:	Wed, 20 May 2015 13:49:58 +0200

On 05/20/2015 01:32 PM, Anders Henke wrote:
> On 20.05.2015, Florent B wrote:
>> On 05/20/2015 12:21 PM, Michael Schwartzkopff wrote:
>>> Am Mittwoch, 20. Mai 2015, 12:00:01 schrieb Florent B:
>>>> Some precisions :
>>>>
>>>> In fact packets are computed by LVS, the problem is that RS receives a
>>>> packets with :
>>>> - its proper eth0 IP in src, but with mac address of LVS server
>>> "its": which IP in the source field? The source IP address should
>> always be the
>>> IP address of the client. The source address should never be the IP
>> adress of
>>> the real server.
>>>
>>> MAC address of the director: That is corret.
>> The source IP address is the IP address of the client, but the client
>> here is my real server. It tries to connect to VIP.
> Hi Florent,
>
> You've hit a very special corner case.
>
> When you're trying to access your VIP from a real server, your real server 
> does discover the VIP to be a local IP address. As a consequence, the traffic 
> isn't bpassed onto your local network, but routed via loopback and this 
> traffic is not being loadbalanced at all, 100% of this traffic is delivered 
> to the same real server.
>
> If your client application doesn't specify a specific source IP address, the 
> Linux kernel does select an IP address which is (in terms of routing) most 
> close to the destination address. In this special cornercase, it is the very 
> same IP address than the destination address.
>
> You can verify this behaviour by running "ip route get VIP" on your 
> realserver (replace "VIP" by the VIP address). As an example:
>
> $ ip route get 172.17.24.42
> local 172.17.24.42 dev lo  src 172.17.24.42 
>     cache <local> 
>
> This reads as following:
> - 172.17.24.42 is locally configured on this host.
> - the packet is being routed via the loopback device ("dev lo").
> - source IP address will be 172.17.24.42
>
>
> Best,
>
> Anders

Hi Anders,

My VIP is not configured on RS. I use the iptables solution because I
need traffic to be load-balanced (if service is down on the RS I want to
access it for example...).

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, Michael Schwartzkopff Re: [lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, Michael Schwartzkopff Re: [lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, Anders Henke Re: [lvs-users] DR : real server unable to reach VIP, Florent B <= Re: [lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, Jonathan Petersson Re: [lvs-users] DR : real server unable to reach VIP, Florent B Re: [lvs-users] DR : real server unable to reach VIP, support

Previous by Date:	Re: [lvs-users] DR : real server unable to reach VIP, Florent B
Next by Date:	Re: [lvs-users] DR : real server unable to reach VIP, Florent B
Previous by Thread:	Re: [lvs-users] DR : real server unable to reach VIP, Anders Henke
Next by Thread:	Re: [lvs-users] DR : real server unable to reach VIP, Florent B
Indexes:	[Date] [Thread] [Top] [All Lists]