Hello Joe,
On Wed, 4 Apr 2001, Joseph Mack wrote:
> I am trying to set up two fwmarks groups
>
> 1. ftp,ftp-data
> 2. http,https
>
> I expect ftp requests to go to group 1, but they go to group 2.
Maybe the problem is that the two services share the same Virtual
IP addresses and you first tried http/https connections that created
the persistence template, and then you tried ftp and, maybe because
there is already a template for the same VIP to a real server from
group 2, the connection was scheduled to this group.
Maybe we have to port the persistent-fwmark-1.0.5-2.2.18-1.diff
patch to 2.4 and you have to test it with your setup. This patch simply
uses per-service persistence, not the default per-VIP persistence.
Maybe until then you can try the same setup for 2.2 after applying
the above patch (from /~julian/), of course, if it is easy. I'll make
the patch after 4-5 hours.
> Here's my setup.
>
> iptables commands on my 0.2.7-2.4.2 director (VIP=192.168.2.110=lv2.mack.net)
>
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport ftp -j MARK --set-mark 1
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport ftp-data -j MARK --set-mark 1
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport http -j MARK --set-mark 2
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 --dport https -j MARK --set-mark 2
>
>
> director:# iptables -L -t mangle
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK tcp -- anywhere lvs2.mack.net tcp dpt:ftp MARK set 0x1
> MARK tcp -- anywhere lvs2.mack.net tcp dpt:ftp-data MARK set 0x1
> MARK tcp -- anywhere lvs2.mack.net tcp dpt:www MARK set 0x2
> MARK tcp -- anywhere lvs2.mack.net tcp dpt:https MARK set 0x2
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> which (to me) shows that I've set 2 groups of fwmarks.
>
> Here's my ipvsadm commands
>
> ipvsadm -A -f 1 -s rr -p 30
> ipvsadm -a -f 1 -r sneezy.mack.net:0 -g -w 1
> ipvsadm -a -f 1 -r bashfull.mack.net:0 -g -w 1
> ipvsadm -A -f 2 -s rr -p 30
> ipvsadm -a -f 2 -r sneezy.mack.net:0 -g -w 1
> ipvsadm -a -f 2 -r bashfull.mack.net:0 -g -w 1
>
>
> ftp'ing to the VIP, the connection should go to FWM=1.
> Here's the output from ipvsadm
>
> director:# ipvsadm
> IP Virtual Server version 0.2.7 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> FWM 1 rr persistent 30
> -> bashfull.mack.net:0 Route 1 0 0
> -> sneezy.mack.net:0 Route 1 0 0
> FWM 2 rr persistent 30
> -> bashfull.mack.net:0 Route 1 1 1
> -> sneezy.mack.net:0 Route 1 0 0
>
> which shows that ftp goes to FWM=2.
> http requests go to FWM=2 (which I expect)
>
> Any ideas anyone?
>
> Thanks
> Joe
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
Regards
--
Julian Anastasov <ja@xxxxxx>
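
A simplified model of the behaviour discussed in this reply, added here as an illustration (it is not IPVS code and not part of the original message): a persistence template keyed per VIP is shared by every fwmark service on that VIP, while a per-service key keeps the groups apart. The client address, the class and function names, and the omission of the 30-second timeout are assumptions of the example.

```python
# Simplified model of persistence-template lookup on the director (not kernel code).
from itertools import cycle

# Port -> fwmark, mirroring the mangle rules in the thread (ftp, ftp-data, http, https).
FWMARK_BY_PORT = {21: 1, 20: 1, 80: 2, 443: 2}
VIP = "192.168.2.110"
CLIENT = "10.0.0.5"  # constructed sample client address


class Director:
    def __init__(self, per_service):
        self.per_service = per_service  # True models per-service persistence
        self.templates = {}             # persistence templates (timeout ignored here)
        # Each fwmark service round-robins over the same two real servers.
        self.rr = {m: cycle(["sneezy", "bashfull"]) for m in (1, 2)}

    def _key(self, client, fwmark):
        # Per-VIP: one template per client and VIP, shared by all services on the VIP.
        # Per-service: one template per client and fwmark.
        return (client, fwmark) if self.per_service else (client, VIP)

    def connect(self, client, dport):
        fwmark = FWMARK_BY_PORT[dport]
        key = self._key(client, fwmark)
        if key not in self.templates:
            # No template yet: schedule within the service the packet was marked for.
            self.templates[key] = (fwmark, next(self.rr[fwmark]))
        # An existing template decides the group and real server for this connection.
        return self.templates[key]


def http_then_ftp(per_service):
    """Return the fwmark group that serves an http and then an ftp connection."""
    d = Director(per_service)
    http_group, _ = d.connect(CLIENT, 80)
    ftp_group, _ = d.connect(CLIENT, 21)
    return http_group, ftp_group


if __name__ == "__main__":
    print("per-VIP templates:    ", http_then_ftp(False))
    print("per-service templates:", http_then_ftp(True))
```

With per-VIP keys the ftp connection reuses the template created by the earlier http connection and is counted under FWM 2, which matches the ipvsadm output quoted above; with per-service keys it is scheduled under FWM 1.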