I sent a previous version of this message, with attachments that
detailed every step I took setting up my lvs, but that was over the 40KB
limit and is waiting to be moderated. But it's been 12 hours since I
sent it, so now I'm sending an abridged version. So if my previous
version gets sent, just ignore it.
Anyway, I've spent the last two days trying to get lvs to work and I
have had no success. Here are the vitals.
debian gnu/linux 2.2r3 on all machines.
linux 2.2.19 on all the machines, patched with ipvs 1.0.7 on the
director.
The director is at 63.216.62.171 and the 2 real-servers are at
63.216.62.177 and .179. The vip should be 63.216.62.170.
The network portion of the director has these kernel config options:
Networking options --->
<*> Packet socket
[*] Kernel/User netlink socket
[*] Routing messages (NEW)
< > Netlink device emulation (NEW)
[*] Network firewalls
[*] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] IP: policy routing (NEW)
[ ] IP: equal cost multipath (NEW)
[ ] IP: use TOS value as routing key (NEW)
[ ] IP: verbose route monitoring (NEW)
[ ] IP: large routing tables (NEW)
[ ] IP: kernel-level configuration support
[*] IP: firewalling (NEW)
[ ] IP: firewall packet netlink device (NEW)
[ ] IP: transparent proxy support (NEW)
[*] IP: masquerading (NEW)
--- Protocol-specific masquerading support will be built as modules.
[ ] IP: ICMP masquerading (NEW)
--- Protocol-specific masquerading support will be built as modules.
[ ] IP: masquerading special modules support (NEW)
[*] IP: masquerading virtual server support (EXPERIMENTAL) (NEW)
[*] IP virtual server debugging (NEW)
(12) IP masquerading VS table size (the Nth power of 2) (NEW)
<M> IPVS: round-robin scheduling (NEW)
<M> IPVS: weighted round-robin scheduling (NEW)
<M> IPVS: least-connection scheduling (NEW)
<M> IPVS: weighted least-connection scheduling (NEW)
<M> IPVS: locality-based least-connection scheduling (NEW)
<M> IPVS: locality-based least-connection with replication scheduli
[*] IP: optimize as router not host
<*> IP: tunneling
< > IP: GRE tunnels over IP
[*] IP: aliasing support
[ ] IP: ARP daemon support (EXPERIMENTAL) (NEW)
[ ] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
< > IP: Reverse ARP
[*] IP: Allow large windows (not recommended if <16Mb of memory)
< > The IPv6 protocol (EXPERIMENTAL)
---
< > The IPX protocol
< > Appletalk DDP
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
[ ] Bridging (EXPERIMENTAL)
[ ] Frame Diverter (EXPERIMENTAL)
[ ] 802.2 LLC (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
[ ] Fast switching (read help!)
[ ] Forwarding between high speed interfaces
[ ] CPU is too slow to handle full bandwidth
Now this is the network kernel-config for the real-servers:
Networking options --->
<*> Packet socket
[*] Kernel/User netlink socket
[ ] Routing messages (NEW)
< > Netlink device emulation (NEW)
[ ] Network firewalls
[*] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[*] IP: multicasting
[ ] IP: advanced router
[ ] IP: kernel-level configuration support
[ ] IP: transparent proxy support
[ ] IP: masquerading
[ ] IP: optimize as router not host
<*> IP: tunneling
< > IP: GRE tunnels over IP
[ ] IP: multicast routing
[*] IP: aliasing support
[ ] IP: ARP daemon support (EXPERIMENTAL) (NEW)
[ ] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
< > IP: Reverse ARP
[*] IP: Allow large windows (not recommended if <16Mb of memory)
< > The IPv6 protocol (EXPERIMENTAL)
---
< > The IPX protocol
< > Appletalk DDP
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
[ ] Bridging (EXPERIMENTAL)
[ ] Frame Diverter (EXPERIMENTAL)
[ ] 802.2 LLC (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
[ ] Fast switching (read help!)
[ ] Forwarding between high speed interfaces
[ ] CPU is too slow to handle full bandwidth
I then executed these commands on the director:
ifconfig eth0:170 63.216.62.170 netmask 255.255.255.255 broadcast 63.216.62.170 up
route add -host 63.216.62.170 dev eth0:170
echo 1 > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t 63.216.62.170:80 -s wlc
ipvsadm -a -t 63.216.62.170:80 -r 63.216.62.177 -i
ipvsadm -a -t 63.216.62.170:80 -r 63.216.62.179 -i
Now on the real-servers I executed these commands:
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig tunl0 63.216.62.170 netmask 255.255.255.255 broadcast 63.216.62.170 up
route add -host 63.216.62.170 dev tunl0
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden
/usr/local/apache/bin/apachectl start
After this from a separate client on a different network I tried to
connect to the virtual service at 63.216.62.170 port 80 with telnet.
Here is the output from ipvsadm after trying to connect with
`telnet 63.216.62.170 80` from the outside machine twice.
IP Virtual Server version 1.0.7 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 63.216.62.170:www wlc
-> 63.216.62.179:www Tunnel 1 0 1
-> 63.216.62.177:www Tunnel 1 0 1
You can see that the director did in fact receive the response and tried
to send one request to each real-server.
Still the telnet session receives no response and eventually times out
with this output:
$ telnet 63.216.62.170 80
Trying 63.216.62.170...
telnet: Unable to connect to remote host: Connection timed out
Pinging 63.216.62.170 does return a response and traceroute is
successful as well.
Checking the access and error logs for apache shows no connection
attempt or errors of any kind. From the same client as above I can
successfully connect to http://63.216.62.179/ and it serves me a page,
so apache is functioning properly.
So now I removed the real-server entries with ipvsadm and then ran
`ifconfig tunl0 down` on the real-servers.
Then I re-added the real-servers only this time using direct routing.
ipvsadm -a -t 63.216.62.170:80 -r 63.216.62.177 -g
ipvsadm -a -t 63.216.62.170:80 -r 63.216.62.179 -g
I then executed these commands on the real-servers to set up the
real-server portion of VS-DR:
ifconfig lo:0 63.216.62.170 netmask 255.255.255.255 broadcast 63.216.62.170 up
route add -host 63.216.62.170 dev lo:0
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
After doing that, connections to the director do work and are properly
load balanced and serve pages just as expected. So...be that as it may,
I still need to get VS-Tun to work so we can load-balance with servers
that are not on the same physical network. Can anyone help me through
this?
--
=======================================================================
Paul J. Baker Internet Systems Technician
pbaker@xxxxxxxxxxxxxxx Where2GetIt.com
phone 847-498-0111x234
fax 847-480-7422
=======================================================================
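
Added example, not part of the original message: a small shell/awk parser for the `ipvsadm` table quoted above that labels each real server by whether the director has seen an established connection for it. It relies on ActiveConn counting entries in the ESTABLISHED state and InActConn counting entries in any other state, so right after a connection attempt a row with 0 active and a non-zero inactive count is consistent with a SYN that was scheduled but never followed by a completed handshake (the same counts also appear once finished connections are timing out). The function names and the `no-established` label are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message).

# The ipvsadm table exactly as quoted in the message above.
sample_table() {
cat <<'EOF'
IP Virtual Server version 1.0.7 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 63.216.62.170:www wlc
-> 63.216.62.179:www Tunnel 1 0 1
-> 63.216.62.177:www Tunnel 1 0 1
EOF
}

# Reads an ipvsadm table on stdin and prints one line per real server:
#   <virtual service> <real server> <forward method> <status>
# status: "ok"             at least one established connection
#         "no-established" entries exist but none is established
#         "idle"           no connection entries at all
classify_reals() {
    awk '
        # Virtual service line: remember it for the real servers below.
        $1 == "TCP" || $1 == "UDP" { vs = $2; next }
        # Real-server line; skip the column header row.
        $1 == "->" && $2 != "RemoteAddress:Port" && NF >= 6 {
            active = $5 + 0
            inactive = $6 + 0
            if (active > 0)        status = "ok"
            else if (inactive > 0) status = "no-established"
            else                   status = "idle"
            print vs, $2, $3, status
        }
    '
}

# Prints how many real servers have entries but no established connection.
count_unestablished() {
    classify_reals | awk '$4 == "no-established" { n++ } END { print n + 0 }'
}

# Stand-alone run: classify the table quoted in the message.
sample_table | classify_reals
```

On a director, the same functions can be fed live data with `ipvsadm -L | classify_reals`.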