Hello,
I've set up a small LVS cluster, 2 LVS routers, 2 real servers, NAT routing, for web services. Web services on all VIPs work from my (64.30.29.0/24) network, as well as from a leased server at DigitalNation, so I'm assuming the setup is mostly correct. The VIPs can be pinged from these sources, and tracerouted to from various traceroute servers around the net.
My problem: some users at some ISPs can ping, and not get web traffic (Adelphia.net). Others can't ping or get web traffic (bellatlantic.net, aol.com).
I've heard that enabling persistence helps; it hasn't in my case.
Has anyone else seen this behavior, and if so, what's the fix?
I'm using Piranha - here's my setup:
                    Internet (64.30.29.1)
              _______________|___________
             |                           |
Piranha1 (64.30.29.26 eth0) -- Piranha2 (64.30.29.50 eth0)   (Real IP)
             |                           |
Appserver1 (10.0.0.92)      -- Appserver2 (10.0.0.93)        (Internal)

lvs.cf:
primary = 64.30.29.26
service = lvs
rsh_command = rsh
backup_active = 1
backup = 64.30.29.50
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 10.0.0.91 eth1
virtual Search {
    active = 1
    address = 64.30.29.28 eth0:0
    port = 80
    persistent = 180
    pmask = 255.255.255.255
    send = "GET / HTTP/1.0\r\n\r\n"
    expect = "HTTP"
    load_monitor = uptime
    scheduler = wrr
    protocol = tcp
    persistent = 180
    timeout = 6
    reentry = 15
    server Search-Appserver1 {
        address = 10.0.0.94
        active = 1
        weight = 1000
    }
    server Search-Appserver2 {
        address = 10.0.0.95
        active = 1
        weight = 1000
    }
}
virtual Finder {
    active = 1
    address = 64.30.29.27 eth0:1
    port = 80
    persistent = 180
    pmask = 255.255.255.255
    send = "GET / HTTP/1.0\r\n\r\n"
    expect = "HTTP"
    load_monitor = uptime
    scheduler = wrr
    protocol = tcp
    persistent = 180
    timeout = 6
    reentry = 15
    server Appserver1 {
        address = 10.0.0.92
        active = 1
        weight = 1000
    }
    server Appserver2 {
        address = 10.0.0.93
        active = 1
        weight = 1000
    }
}
virtual Editor {
    active = 1
    address = 64.30.29.29 eth0:2
    port = 80
    persistent = 180
    pmask = 255.255.255.255
    send = "GET /pulse.html HTTP/1.0\r\n\r\n"
    expect = "HTTP"
    load_monitor = uptime
    scheduler = wrr
    protocol = tcp
    persistent = 180
    timeout = 6
    reentry = 15
    server ED-Appserver1 {
        address = 10.0.0.103
        active = 1
        weight = 1000
    }
    server ED-Appserver2 {
        address = 10.0.0.104
        active = 1
        weight = 1000
    }
}

Internet, Piranha1 (eth0), Piranha2 (eth0) are connected via hub
Piranha1 (eth1), Piranha2 (eth1), Appserver1 (eth0), Appserver2 (eth0) via switch
2 Appservers (real servers) set up with gateway = 10.0.0.91
sysctl.conf:
# Disables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Disables automatic defragmentation (needed for masquerading, LVS)
net.ipv4.ip_always_defrag = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
/etc/sysconfig/ipchains:
:input ACCEPT
:forward DENY
:output ACCEPT
-A forward -s 10.0.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
Using:
kernel-2.2.16-4
piranha-0.4.17-2 W gui+docs same version
ipvsadm-1.11-4
ipvsadm -L -n:
IP Virtual Server version 0.9.14 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
TCP  64.30.29.28:80 wrr persistent 180
  -> 10.0.0.95:80            Masq    9809   0          0
  -> 10.0.0.94:80            Masq    9956   0          0
TCP  64.30.29.29:80 wrr persistent 180
  -> 10.0.0.104:80           Masq    9795   0          0
  -> 10.0.0.103:80           Masq    9956   0          0
TCP  64.30.29.27:80 wrr persistent 180
  -> 10.0.0.93:80            Masq    9809   0          0
  -> 10.0.0.92:80            Masq    9956   0          0
______________________________________
Bill Cronin
Bock Interactive Inc.
One Mill Street, Box B1
Burlington, VT 05401
mailto:bill@xxxxxxxx
http://www.bock.com
fax: 802.862.2100
voice: 802.862.2000 x.11
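
A consistency check between the lvs.cf and the ipvsadm -L -n listing posted above, as an added example that is not part of the original message: it parses both formats and reports any virtual service whose scheduler, persistence timeout or real-server set differs between the configuration and the running IPVS table. The function names are hypothetical, the embedded sample is constructed from the first virtual service in the post, and real servers are compared by address only.

```python
# Constructed sample, abbreviated from the lvs.cf and ipvsadm listing in the post.
LVS_CF = """virtual Search {
address = 64.30.29.28 eth0:0
port = 80
persistent = 180
scheduler = wrr
server Search-Appserver1 {
address = 10.0.0.94
}
server Search-Appserver2 {
address = 10.0.0.95
}
}"""
IPVSADM = """TCP 64.30.29.28:80 wrr persistent 180
-> 10.0.0.95:80 Masq 9809 0 0
-> 10.0.0.94:80 Masq 9956 0 0"""

def parse_lvs_cf(text):  # lvs.cf -> {"VIP:port": {scheduler, persistent, reals}}
    services, stack, cur = {}, [], None
    for line in map(str.strip, text.splitlines()):
        word = line.split()[0] if line else ""
        if word in ("virtual", "server") and line.endswith("{"):
            stack.append(word)
            cur = {"reals": set()} if word == "virtual" else cur
        elif line == "}" and stack and stack.pop() == "virtual":
            # Closing a virtual block: key the service by its VIP and port.
            services[f"{cur.pop('address')}:{cur.pop('port')}"] = cur
        elif "=" in line and stack:
            key, val = (s.strip() for s in line.split("=", 1))
            if stack[-1] == "server" and key == "address":
                cur["reals"].add(val)
            elif stack[-1] == "virtual" and key in ("address", "port", "scheduler", "persistent"):
                cur[key] = val.split()[0]  # drop the interface alias after the VIP
    return services

def parse_ipvsadm(text):  # same mapping from `ipvsadm -L -n`; header lines are skipped
    table, cur = {}, None
    for f in map(str.split, text.splitlines()):
        if f and f[0] in ("TCP", "UDP"):
            cur = table[f[1]] = {"scheduler": f[2], "reals": set()}
            if "persistent" in f:
                cur["persistent"] = f[f.index("persistent") + 1]
        elif len(f) > 1 and f[0] == "->" and cur and f[1][0].isdigit():
            cur["reals"].add(f[1].rsplit(":", 1)[0])
    return table

def drift(cf_text, ipvs_text):  # {service: (configured, running)} where they differ
    want, have = parse_lvs_cf(cf_text), parse_ipvsadm(ipvs_text)
    return {s: (want.get(s), have.get(s))
            for s in want.keys() | have.keys() if want.get(s) != have.get(s)}
```

An empty result from drift() means the running IPVS table matches the configuration file.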