|
Hello Clemens,
> i tried the ha-code to reach high availability. the fail over works well,
> ip-addresses are taken and reachable afterwards. the only problem is, that the
> requests to the vip aren't answered. tcpdump on the director and the webserver
> display the requests, but no reply reaches the browser in outside the vs.
how's the routing on the webserver then?
> here some details:
> kernel: 2.2.17
> vip: 172.16.2.160/24 (eth1:1)
^^
I assume /32
> outside_ip: 172.16.2.161/24 (eth1)
^^
ditto
> dip: 192.168.10.1/24 (eth0)
> web1: 192.168.10.10
> web2: 192.168.10.10
^^
Should be ~.11/32
> kernel routing table:
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 172.16.2.160 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
> 172.16.2.161 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
> 172.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 172.16.2.254 0.0.0.0 UG 0 0 0 eth1
>
> the ipchainsChain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> target prot opt source destination ports
> MASQ tcp ------ 192.168.10.1� anywhere telnet -> any
> MASQ tcp ------ 192.168.10.2 anywhere telnet -> any
> MASQ tcp ------ 192.168.10.1 anywhere http -> any
> MASQ tcp ------ 192.168.10.2 anywhere http -> any
> MASQ tcp ------ 192.168.10.1 anywhere ftp -> any
> MASQ tcp ------ 192.168.10.2 anywhere ftp -> any
> MASQ tcp ------ 192.168.10.1 anywhere https -> any
> MASQ tcp ------ 192.168.10.2 anywhere https -> any
>
> and the ipvsadm output:
> IP Virtual Server version 1.0.1 (size=4096)
Quite an old IPVS version. Have you installed some rpm? Despite the
fact that your problem might have nothing to do with this I recommend
you to grab a fresh copy of the linux kernel and patch it with at
least the 1.0.5 version of LVS. Too many nasty bugs had been fixed
since then.
> the funny thing about this is, that, if the regular rc.lvs_nat script is
> startet, everything works fine. if the ipvsadm-rules are set manually by me,
> also everything is ok. but if the heartbeat-service is started, nothing
> happens.
So then heartbeat changes something to the routing or something
else. What does the logfile say?
> i just see packets arriving at port 80 on the director and both webservers,
> but
> no reply is sent. the default gw is the director, set on both of the
> webservers.
This is very strange. You see incoming packets on the webserver
but no reply although you've got the DGW pointing to the load
balancer?
> anybody an idea?
Not so far, but heartbeat is not my wisdom anyway. I can assure that LVS
works the way you set it up. What I don't know is the interaction between
heartbeat and LVS, although I don't think hb has a lot of possibilities
to interfere.
Cheers,
Roberto Nibali, ratz
--
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
|
