On Thu, 23 Aug 2001, Ryan D. Hatch wrote:
> Anyway, my config looks like this:
> #----------lvs_dr.conf----------------------------------------
> LVSCONF_FORMAT=1.0
> LVS_TYPE=VS_DR
> INITIAL_STATE=on
> CLEAR_IPVS_TABLES=yes
> VIP=eth0:33 192.168.0.33 255.255.255.255 192.168.0.33
> VIP=eth0:34 192.168.0.34 255.255.255.255 192.168.0.34
> DIRECTOR_INSIDEIP=eth1 192.168.0.35 192.168.0.0 255.255.255.128
> 192.168.0.127
> #no default gw for director with VS-DR or VS-Tun
> #DIRECTOR_GW=192.168.0.1
> #SERVICE=t telnet rr sneezy bashfull
> #SERVICE=t ftp rr 192.168.0.36 192.168.0.37
> #SERVICE=t http rr 192.168.0.36 192.168.0.37
> SERVICE=t https rr 192.168.0.36 192.168.0.37
> SERVER_VIP_DEVICE=lo:110
> SERVER_NET_DEVICE=eth0
> SERVER_GW=192.168.0.1
> #----------end lvs_dr.conf------------------------------------
>
> ...now here's the catch. when I run ipvsadm it says this:
>
> IP Virtual Server version 0.8.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP jules.mydomain.com:0 rr persistent 360
> -> 192.168.0.36:0 Route 1 0 0
> TCP jules.mydomain.com:http rr
> -> 192.168.0.37:http Route 1 0 0
> -> 192.168.0.36:http Route 1 0 0
>
> It also performs what looks like rr balancing on all tcp packets that i
> send it...even telnet, ssh, http, etc even though they are all disabled.
> I am guessing that the jules.mydomain.com:0 rr persistant 360 is my
> problem.
it's a feature :-)
when you use persistence, all ports are forwarded. Services that you don't
want forwarded (eg telnet) will have to be blocked by filter rules. You
can't make just port 443 persistent. That's life I'm afraid. You can set
up your services instead using fwmark (see the HOWTO) which gives you
better control, but the configure script doesn't handle this yet (it will
be a while before I put fwmark into the configure script).
> Why is it putting it in there?
https requires persistence for session keys so any realservers offering
https will be persistent for all services.
> but wait...theres more!
>
> When i try to https to jules.mydomain.com, it only sends me to
> 192.168.0.36.
this is a bug in the configure script. It only installs the first
realserver for a persistent service (in your case the x.x.x.36 machine,
and not the x.x.x.37 machine). I forgot to add the loop to go through
the realserver list of persistent services before I shipped the code,
and only the first one is added.
To add the extra machine run a command like
$ipvsadm -a -t $VIP -R x.x.x.37 -g -w 1
but when i telnet to jules.mydomain.com, to looks like it
> performs balanced rr on it. Weird? When I change the SERVICE line from
> SERVICE=t https rr 192.168.0.36 192.168.0.37 to SERVICE=t https rr
> 192.168.0.37 192.168.0.36 then it does the exact opposite. It sends all
> https requests to 192.168.0.37.
again only the first machine is addedd to the list.
Joe
--
Joseph Mack mack@xxxxxxxxxxx
|