LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: lvs setup via tunelling problem

To: Djamil ESSAISSI <djamil@xxxxxxxxxxxxxxxx>
Subject: Re: lvs setup via tunelling problem
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 15 Oct 2001 21:33:56 +0000 (GMT)
        Hello,

On Mon, 15 Oct 2001, Djamil ESSAISSI wrote:

> rehi !
> and thanks again for your patience !
> :)
> :)director# tcpdump -ln -i INDEV host CIP
> :)director# tcpdump -ln -i OUTDEV host RIP

        Do you have the tcpdump on OUTDEV? Your config looks ok but
I'm still not sure where the traffic stops. You provide only trace
from one point which is obvious to work.

> :)real server# tcpdump -ln -i IN_ETH host DIP
> :)real server# tcpdump -ln -i tunl0 host CIP
> :)real server# tcpdump -ln -i OUT_DEV host CIP
> :)


> i get that, while telnet hangs on the client
> and nothing apears on the server.
>
> also when i do a telnet VIP from the director i get connection refused, from 
> the client i got a timeout (finally)

        You can't use the director as client. You have to make tcpdump
output from each step and place. See the above commands.

> There something i'm not getting yet, after doing the apvsadmin -A and -a ... 
> do we have to configure routes or not ? if yes which ones ?
>
> vip=212.43.218.153
> rip=212.73.232.232
> cip=193.252.175.157

        Check whether ping 212.73.232.232 works from director.

        On the real server use:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
ifconfig lo:153 212.43.218.153 netmask 255.255.255.255 up

# insert it if it is compiled as module:
insmod ipip
ifconfig tunl0 up

To check whether packets with src=VIP exit from your RS's gateway use
something like:

traceroute -n -s 212.43.218.153 192.252.175.157

and check whether some traffic reaches client and then the director,
i.e. UDP to client and then client replies with ICMP to director (where
the VIP is announced).

        OTOH, your RS's ISP have to allow spoofed traffic with
src=212.43.218.153. The above traceroute should check it. Many
ISPs don't allow you to send traffic with foreign source address (the
VIP in your case).

Regards

--
Julian Anastasov <ja@xxxxxx>



<Prev in Thread] Current Thread [Next in Thread>