Hello all,
I'm trying to graduate from LVS-NAT to LVS-DR, and at the moment it
feels like I'm butting my head against a wall because of gaps-a-plenty in
my knowledge of networking.
I've set up a simple three machine LVS-NAT using Red Hat Linux (which is
the distribution of choice for our company) and their LVS package, piranha.
The director is a P166, full-install RH7.1 w/all applicable errata, kernel
2.4.9, ipvs 0.8.1, ipvsadm v1.17 (recompiled from RH's source rpm to use
ipvs 0.8.1), piranha-0.5.5.8, has two NICs. In the NAT setup, eth0 has a
connection to the Internet with the VIP on eth0:1; eth1:1 has the DIP on a
private (192.168.1.0) network. Forwarding is enabled and masquerading done
via iptables. eth1 with the DIP is connected to a hub with two realservers,
P150 and P133 respectively, minimal server install RH7.1 w/errata and a
stock RH kernel 2.4.9 patched with Julian's hidden-2.4.5-1 patch and
compiled without additions or omissions to the default RH kernel.
Realservers have one NIC each.
With this setup, I had no trouble whatsoever setting up Telnet, FTP,
HTTP and SSH and verifying that at least rr scheduling works. Please mind
that in my setup the LVS is not isolated and the VIP is live and on the
Internet at all times.
Fueled by the success I had with LVS-NAT, I tried to upgrade to LVS-DR.
I removed the director from between the public and private networks,
connecting it and the realservers on the same hub, effectively putting
them on the same wire. Since I had already patched the realservers'
kernels, I proceeded to bring the VIP up on lo:0 on both of them, after
setting /proc/sys/net/ipv4/conf/(all/lo)/hidden to 1, removing the default
route to the DIP, and adding a new default route to the gateway of the
VIP. I removed the iptables masquerading rules, changed piranha's
configuration to reflect the change to LVS-DR, restarted LVS (or pulse,
as it is in RH's piranha), and began testing.
Herein is revealed the extent of my networking knowledge (and the lack
thereof). Basically, I can't get LVS-DR to work even if I follow the
instructions to the letter, read and re-read the FAQ on the ARP problem
&c. ipvsadm shows the services up and running, but connections are almost
always in the SYN_SENT state. Sometimes something gets through, and I can
connect to a realserver, after which I can get new connections but always
to the same realserver. I've tried snooping around with tcpdump, looking
at arp tables - to no avail. So at the moment, I'm stuck with LVS-NAT,
very much wanting to get things running with LVS-DR.
If any of you can help me out based on the above description, I'd be
most grateful. I know I could get by with LVS-NAT up to a point, though it
would be infinitely nicer to have a more scalable solution.
There are some less broad questions I don't have answers for, so
answering any of them helps out as well.
* with LVS-DR and director with two NICs, RIPs on private network;
does the director need /proc/sys/net/ipv4/ip_forward set?
* using Julian's hidden patch, is lo:0 an appropriate interface for the
VIP on realservers (assuming that /proc/sys/net/ipv4/conf/all/hidden
and /proc/sys/net/ipv4/conf/lo/hidden are set to 1)?
* this is the main question: how do I set up the default route for the
realservers on a LVS-DR setup when the VIP is configured as in the
previous question (assuming that the previous question doesn't
evaluate to false)?
Any help in this matter is duly appreciated.
Thank you,
--
Mr. Nuutti-Iivari Merilainen, Technology Producer, VIP Tietoverkot Oy, Finland
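As an added example (not part of this post, nor of piranha or ipvsadm), here is a small Python audit of the realserver prerequisites the message lists for LVS-DR: hidden set to 1 on all and lo, the VIP present on lo, and the default route pointing at the VIP's gateway instead of at the director's DIP. The VIP, DIP and gateway addresses, the /proc/net/route sample and the parser are constructed assumptions; it assumes x86, where the hex fields in /proc/net/route are little-endian.

```python
import socket
import struct

def parse_proc_route(text):
    """Parse /proc/net/route; Destination/Gateway/Mask are little-endian hex on x86."""
    routes = []
    for line in text.strip().splitlines()[1:]:          # skip header line
        f = line.split()
        dest, gw, mask = (socket.inet_ntoa(struct.pack("<I", int(x, 16)))
                          for x in (f[1], f[2], f[7]))
        routes.append({"iface": f[0], "dest": dest, "gw": gw,
                       "mask": mask, "flags": int(f[3], 16)})
    return routes

def audit_dr_realserver(hidden_all, hidden_lo, lo_addrs, routes, vip, dip, vip_gateway):
    """Return findings for the LVS-DR realserver checks described in the post."""
    findings = []
    if hidden_all != 1 or hidden_lo != 1:
        findings.append("hidden not set on all+lo: the VIP on lo will answer ARP")
    if vip not in lo_addrs:
        findings.append("VIP %s is not configured on lo" % vip)
    defaults = [r for r in routes if r["dest"] == "0.0.0.0"]
    if not defaults:
        findings.append("no default route configured")
    for r in defaults:
        if r["gw"] == dip:
            findings.append("default route still via DIP %s (LVS-NAT leftover)" % dip)
        elif r["gw"] != vip_gateway:
            findings.append("default route via %s, expected VIP gateway %s"
                            % (r["gw"], vip_gateway))
    return findings

# Constructed /proc/net/route: a connected 192.168.1.0/24 and a default route
# via 192.168.1.1 (hex 0101A8C0), i.e. still pointing at the director's DIP.
SAMPLE_PROC_ROUTE = """Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0
"""

def demo():
    """Audit a constructed realserver: hidden set, VIP on lo, default route not yet changed."""
    routes = parse_proc_route(SAMPLE_PROC_ROUTE)
    return audit_dr_realserver(1, 1, ["127.0.0.1", "203.0.113.10"], routes,
                               vip="203.0.113.10", dip="192.168.1.1",
                               vip_gateway="203.0.113.1")

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a live realserver, feed it the contents of /proc/sys/net/ipv4/conf/{all,lo}/hidden, the addresses shown on lo, and /proc/net/route.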