|
hello mr wensong
the realserver can reach the client directly ..without ever having to go thru
the director..
director
| 202.120.130.100/30
|
|
router----------client
| 10.1.5.0/25
|
|
router
|10.1.11.0/25
|
|
realserver
BTW how can i check ig ipip tunnels in generally is working. i feel that the
packets are not being decapsulated by the realserver
just my .02
TIA
Khiz
P.S i m still delighted that i got a reply .. i thought that most ppl r still
in the holiday mood ;-)
On Wed, 02 Jan 2002 Wensong Zhang wrote :
>
>
> Hello,
>
> Please make sure that your real server can reach the
> client directly. If
> the response packets went through the director, the
> director would drop
> them by the default.
>
> Regards,
>
> Wensong
>
>
> On 1 Jan 2002, khiz nms wrote:
>
> >
> > Hi all
> > i m facing a problem with my TUN setup
> >
> > my real server is on a seperate network from the
> director and is not prone to the ARP problem coz there
> is no routing for the VIP which leads to the
> realserver's network!!
> > realserver is redhat 6.2 VIP 202.120.130.102
> >
> > ipvsadm is correctly configured for tunnelling to the
> RIP and this i have verified by using tcpdump on the
> Realserver and i see packets CIP->RIP hitting the
> realserver
> >
> > tcpdump on realserver
> > eth2 < 10.1.5.5.2051 > 202.120.130.102.www: S
> 421444096:42144409 6(0) win 65535 <mss 1460> (DF) (ipip)
> >
> > where 10.1.5.5 is CIP 202.120.130.102 is the VIP
> >
> > the director has only one NIC configured with VIP
> > result of ipvsadm .. the director and the realserver
> dont have any network in common so the arp problem does
> not exist in my case
> >
> > IP Virtual Server version 1.0.8 (size=32768)
> > Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ctiveConn
> InActConn
> > TCP 202.120.130.102:www rr
> > -> 10.1.11.225:www Tunnel 4 0 2
> >
> > However connections from the client seem to hang
> >
> > IP spoofing is enabled on the routers because doing
> > traceroute -n -s VIP someother IP FROM the
> REALSERVER
> > result in icmp port unreachable messages occuring on
> the Director which only arps for the VIP.. this impies
> that spoofing of VIP from REALSERVER is permitted
> >
> > i have configured VIP on tunl0 of REALSERVER
> >
> > telnet VIP www from realserver itself is also
> successful
> >
> >
> > ifconfig on REALSERVER gives
> > eth2 blah blah 10.1.11.225
> > tunl0 Link encap:IPIP Tunnel HWaddr
> > inet addr:202.140.120.102
> Mask:255.255.255.255
> > UP RUNNING NOARP MTU:1480 Metric:1
> >
> > route -n shows on REALSERVER
> > 202.120.130.102 0.0.0.0 255.255.255.255 UH
> 0 0 0 tunl0
> > 10.1.11.225 0.0.0.0 255.255.255.255 UH
> 0 0 0 eth2
> > 10.1.11.0 0.0.0.0 255.255.255.0 U
> 0 0 0 eth2
> > 127.0.0.0 0.0.0.0 255.0.0.0 U
> 0 0 0 lo
> > 0.0.0.0 10.1.11.51 0.0.0.0 UG
> 0 0 0 eth2 VIP
> >
> > a route to the VIP exists with dev tunl0 ( only one
> VIP in use on the realserver)
> >
> > ip forwarding enabled on realserver
> > lsmod shows ipip ;-)
> > i dunno whats wrong with the configuration
> > pls help me out
> > BTW realserver is 6.2 redhat 2.2.14-5.0 ipip is a
> module
> >
> > TIA
> > Khiz
> > P>S the only commands i used on the director
> > ipvsadm -A -t 202.120.130.102:80 -s wlc
> > ipvsadm -a -t 202.120.130.102:80 -r 10.1.11.225 -i
> >
> > i did not use any configure script .. this seems fine
> coz the director is actaully passing tunnelled packets
> to the Realserver..hope i m right
> >
> >
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list -
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxx
> org
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-us-
> ers
> >
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list -
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> g
> or go to http://www.in-addr.de/mailman/listinfo/lvs-user-
> s
|
