|
I've never used that method before, I would think you would need to be
careful with your rp_filter settings?
The ones I know that do work with the DR mode LVS arp problem are:
http://pdfs.loadbalancer.org/quickstartguideLBVMv7.pdf
Page 30: loopback + arp_ignore sysctl values
or forget the loopback and use just
Page 29: iptables method
On 24 March 2014 20:57, Tiago <sytker@xxxxxxxxx> wrote:
> Hi Malcom,
>
> Answering:
>>Is the apache server responding to BOTH the RIP & the VIP? (RIP for
>>health checks, VIP for load balanced traffic)
>
> root@web1:/var/log/apache2# netstat -ntlpd | grep :80
> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
> 10159/apache2
>
>
>>And how have you solved the ARP problem for the loopback adapter?
>
> As we have completely separate vlans, the traffic which comes to VIP
> doesn't reach RIP network segment. So, per some instructions I didn't take
> any measure on it, I hope that approach is correct.
>
> Basically I have:
> LVS server:
>
> eth1 (vlan 2054) with public IPs
> eth0 (vlan 1296) with private IPs
>
> So I have VIP on top of eth1.
> And I have an 10.56.213.6 on top of eth0.
>
> Real servers:
> eth1 (vlan 2054) with public IPs
> eth0 (vlan 1296) with private IPs
>
> So I have VIP on lo:0
> And I have 10.56.213.20 on top of eth0 on realserver 1 and I have
> 10.56.213.21 on top of eth0 on realserver 2.
>
> Thanks
>
>
>
>
> 2014-03-24 17:40 GMT-03:00 Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>:
>
>> Tiago,
>>
>> Is the apache server responding to BOTH the RIP & the VIP? (RIP for
>> health checks, VIP for load balanced traffic)
>> And how have you solved the ARP problem for the loopback adapter?
>>
>>
>>
>> On 24 March 2014 20:00, Tiago <sytker@xxxxxxxxx> wrote:
>> > Hello all,
>> >
>> > I'm trying to setup an LVS-DR here for a couple of webservers. My
>> scenario
>> > is:
>> >
>> > Eth1 and eth0 are in separated vlans.
>> >
>> > 1. My realservers ips: 10.56.213.31-10.56.213.32 at eth0
>> > 2.
>> > 3. myrealip** at eth1 (its a public IP)
>> > 4.
>> > 5.
>> > 6. root@lvs1:~# ipvsadm
>> > 7. IP Virtual Server version 1.2.1 (size=4096)
>> > 8. Prot LocalAddress:Port Scheduler Flags
>> > 9. -> RemoteAddress:Port Forward Weight ActiveConn
>> InActConn
>> > 10. TCP myrealip**:http wlc
>> > 11. -> 10.56.213.31:http Route 1 0 0
>> > 12. -> 10.56.213.32:http Route 1 0 0
>> > 13.
>> > 14. On realservers:
>> > 15. lo:0 Link encap:Local Loopback
>> > 16. inet addr:myrealip** Mask:255.255.255.255
>> > 17. UP LOOPBACK RUNNING MTU:16436 Metric:1
>> > 18.
>> > 19. route -n:
>> > 20. myrealip** 0.0.0.0 255.255.255.255 UH 0 0
>> 0
>> > lo
>> > 21.
>> > 22.
>> > 23. When someone try to access myrealip**:80 I have:
>> > 24. -> 10.56.213.31:http Route 1 0 1
>> > 25. -> 10.56.213.32:http Route 1 0 0
>> > 26.
>> > 27. And on realserver 10.56.213.31:
>> > 28.
>> > 29. root@web1:/var/log/apache2# tcpdump -ni eth0 host 216.5.78.123
>> (my
>> > source ip)
>> > 30. tcpdump: WARNING: eth0: no IPv4 address assigned
>> > 31. tcpdump: verbose output suppressed, use -v or -vv for full
>> protocol
>> > decode
>> > 32. listening on eth0, link-type EN10MB (Ethernet), capture size 65535
>> > bytes
>> > 33. 13:40:35.267880 IP 216.5.78.123.37026 > myrealip**.80: Flags [S],
>> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val 164050646
>> ecr
>> > 0,nop,wscale 7], length 0
>> > 34. 13:40:36.270371 IP 216.5.78.123.37026 > myrealip**.80: Flags [S],
>> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val 164051646
>> ecr
>> > 0,nop,wscale 7], length 0
>> > 35. 13:40:38.276806 IP 216.5.78.123.37026 > myrealip**.80: Flags [S],
>> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val 164053646
>> ecr
>> > 0,nop,wscale 7], length 0
>> > 36. 13:40:42.294667 IP 216.5.78.123.37026 > myrealip**.80: Flags [S],
>> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val 164057646
>> ecr
>> > 0,nop,wscale 7], length 0
>> > 37. 13:40:50.328756 IP 216.5.78.123.37026 > myrealip**.80: Flags [S],
>> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val 164065646
>> ecr
>> > 0,nop,wscale 7], length 0
>> > 38.
>> > 39. But I can't see the answer going back to me in any interface I
>> have
>> > at these realservers. I don't get any HTTP HIT at apache either.
>> >
>> > Obviously it seems I'm missing something here, however, I can't see
>> clearly
>> > what is it.
>> >
>> > Can you help on this?
>> >
>> > Thanks in advance!
>> > _______________________________________________
>> > Please read the documentation before posting - it's available at:
>> > http://www.linuxvirtualserver.org/
>> >
>> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>>
>>
>> --
>> Regards,
>>
>> Malcolm Turnbull.
>>
>> Loadbalancer.org Ltd.
>> Phone: +44 (0)870 443 8779
>> http://www.loadbalancer.org/
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
--
Regards,
Malcolm Turnbull.
Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
