LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Newbie redirect/tunneling question (solved)

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Newbie redirect/tunneling question (solved)
From: harlan@xxxxxxxxxxxxx
Date: Wed, 29 Dec 1999 12:42:18 -0600 (CST)
Hi,

Thank you for your reply!

Wensong writes:

> As Julian said, it is simple to change the TTL of your domain entry.
> :-)

I've changed it before only to have half our customers be unable to
get to our site; setting TTL and the other timeouts to unusual values
makes a lot of places decide that the domain is misconfigured, and
they drop it.  (Despite it getting a clean bill of health from domain
checking software.)

One of the first things I thought of when reading about LVS was how
nicely it would solve this problem, but it looks like it can't,
through no fault of its own.

> There must be gateways between the Server and the Client. You may
> check if the gateways close to you drop packets, whose source address
> is 1.2.3.5. If your gateway drop packets that don't belong to your
> 5.6.7.0 network, the connection can never been established.

You weren't right when you wrote that, but you're right now :)

A tcpdump didn't show the server generating any outgoing packets at
all, so there were no packets to be blocked.

It turns out that IP-spoofing protection was preventing the server
from sending out the packets with the 'wrong' source address.  I
disabled anti-spoofing measures and now the server happily sends out
the correct packets.

...which never arrive at their destination, surely for the reason you
suggest.

What a pain.

I think what I'll try now is to set up a generic tunneling situation,
not involving LVS, to see if I can get the new server to take over the
IP address of the old one.  It's not as nice (essentially masquerading
instead of direct routing), but it ought to work.  (I tried it before
with no luck, but perhaps anti-spoofing was getting in my way there
too.)

Thank you for your time, and in particular thank you for LVS, which
has worked wonderfully for us when using it as designed :)

FOREVER a newbie...,

--
Pete Harlan
harlan@xxxxxxxxxxxxx

----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>
  • Re: Newbie redirect/tunneling question (solved), harlan <=