> -----Original Message-----
> From: Julian Anastasov [mailto:ja@xxxxxx]
> Sent: Tuesday, May 22, 2001 10:48 AM
> To: Peter Mueller
> Cc: ''lvs-users@xxxxxxxxxxxxxxxxxxxxxx' '
> Subject: Re: strange issues..
>
>
>
> Hello,
>
> On Tue, 22 May 2001, Peter Mueller wrote:
>
> > In an LVS-DR + transparent proxy client setup, what could cause all the
>
> I can't understand what "LVS-DR + transparent proxy client setup"
> means. What does "client" mean?
>
> > connections to appear as inactive and not send back any data? I turned on
>
> With DR method and broken routing you can create loops very
> easily, DR does not decrement IP TTL and if the real server does not
> accept the traffic it can appear again in the LVS box (possibly through
> the common uplink gateway).
>
> > ip_forward and switched ipchains to "ACCEPT" temporarily to ensure no
> > firewall issues are present.
> >
> > A tcpdump for relevant packets indicated the traffic appeared to endlessly
> > be passing back into the realserver... (as indicated below, small sample).
> >
> > Do the redirect rules appear to be set up right? 64.211.248.11 is the temp
> > vip I've chosen. Any other info upon request, I don't know what you guys
> > want.
>
> 1. tcpdump -len host 64.211.248.11
This is one request for the VIP
{{{{ From real server #1, only server in loop currently to simplify analysis }}}}
[root@fe4026 fea]# /usr/sbin/tcpdump -len host 64.211.248.11
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
10:33:11.341911 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62:
208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win
16384 <mss 1460,nop,nop,sackOK> (DF)
10:33:14.236010 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62:
208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win
16384 <mss 1460,nop,nop,sackOK> (DF)
10:33:20.246000 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62:
208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win
16384 <mss 1460,nop,nop,sackOK> (DF)
LVS-director box shows (at the same time):
[root@fe4029 /]# ipvsadm -L
IP Virtual Server version 0.9.11 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP vip.sidestep.com:www rr persistent 10
-> fe4026.sidestep.com:www Route 1 0 1
>
> The names are not understandable
>
> 2. Topology: lines and IP addresses, names, eg Client, LVS, RS
[Director]- 64.211.248.129
\ - eth0
\
\
/------------/
/cisco switch/------------------------- [Router], I-feed, etc.
/------------/
| |
| \
| \
[Real #1] [Real #2]
64.211.248.126 64.211.248.127
Topology=LVS-DR
VIP = 64.211.248.11
Network=64.211.248.0/24
gateway=cisco router, not director
names (currently):
Director = fe4029
R#1 = fe4026
R#2 = fe4027
CIP = some client not on 64.211.248.0/24, in this case most testing will be "router.external.smartbasket.com"
Data trace / Firewall info:
Client --> ipchains on director -> LVS software -> ipchains on real server -> Apache on real server
>
> 3. Where is the transparent proxy:
>
> - in the LVS box
> - in the Real Server
TP = on Real Server, I am using:
# on realserver / application boxes
# rules for LVS to fix arp issue via Transparent Proxy
/sbin/ipchains -A input -j REDIRECT 80 -d 64.211.248.11 80 -p tcp
/sbin/ipchains -A input -j REDIRECT 80 -d 64.211.248.12 80 -p tcp
/sbin/ipchains -A input -j REDIRECT 443 -d 64.211.248.11 443 -p tcp
/sbin/ipchains -A input -j REDIRECT 443 -d 64.211.248.12 443 -p tcp
thanks,
Peter
>
> Regards
>
> --
> Julian Anastasov <ja@xxxxxx>
>
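
Added example, not part of the original thread: a small Python check that separates the two situations discussed above (a forwarding loop on the LVS-DR segment versus a client resending an unanswered SYN) by timing repeated SYNs in `tcpdump -len` output. The sample records are the capture's three SYNs with wrapped lines rejoined; the 0.5 s threshold and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the three SYN records from the capture in this thread,
# with each record's wrapped lines joined back into one line.
SAMPLE = """\
10:33:11.341911 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62: 208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:33:14.236010 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62: 208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
10:33:20.246000 eth1 < 0:d0:b7:a9:c1:bc 0:0:0:0:0:1 ip 62: 208.177.165.227.64395 > 64.211.248.11.www: S 2833366593:2833366593(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
"""

# time, interface, direction, two MACs, "ip <len>:", src > dst: flags seq
REC = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) \S+ [<>] \S+ \S+ ip \d+: "
    r"(\S+) > (\S+): (\S+) (\d+):\d+\(\d+\)")

# Assumption: copies of one packet circulating in a forwarding loop arrive
# milliseconds apart, while a client resending an unanswered SYN waits seconds.
LOOP_GAP = 0.5


def syn_repeats(text):
    """Group bare SYNs by (src, dst, seq); return gaps between copies."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = REC.match(line)
        # Keep only SYN without ACK: flags "S" and no "ack" field on the line.
        if not m or m.group(6) != "S" or " ack " in line:
            continue
        h, mi, s = m.group(1, 2, 3)
        stamp = int(h) * 3600 + int(mi) * 60 + float(s)
        seen[(m.group(4), m.group(5), m.group(7))].append(stamp)
    report = {}
    for key, times in seen.items():
        if len(times) < 2:
            continue  # a SYN seen once is neither looping nor being retried
        gaps = [round(b - a, 3) for a, b in zip(times, times[1:])]
        verdict = "loop-like" if min(gaps) < LOOP_GAP else "retransmit-like"
        report[key] = (gaps, verdict)
    return report


if __name__ == "__main__":
    for (src, dst, seq), (gaps, verdict) in syn_repeats(SAMPLE).items():
        print(f"{src} > {dst} seq {seq}: gaps {gaps} s -> {verdict}")
```

Run on the capture above it reports gaps of 2.894 s and 6.01 s, the spacing of a client retrying a SYN that never got a SYN-ACK.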