|
Hello,
On 2 Jan 2002, khiz nms wrote:
>
> hello mr wensong
> the realserver can reach the client directly ..without ever having to go
> thru the director..
>
>
> director
> | 202.120.130.100/30
> |
> |
> router----------client
> | 10.1.5.0/25
> |
> |
> router
> |10.1.11.0/25
> |
> |
> realserver
>
> BTW how can i check ig ipip tunnels in generally is working. i feel
> that the packets are not being decapsulated by the realserver
You can use tcpdump to check if there is any reponse packets going out,
for example, tcpdump -nv host 202.120.130.102 and port 80
From your first message, your tcpdump output show that there is a packet
destined for 202.120.130.102.www, so the the packet is decapsulated at the
real server.
The next step is to check if there is any response packet from
202.120.130.102.www going out through eth interface (eth2 at your server).
Regards,
Wensong
> just my .02
>
> TIA
> Khiz
>
> P.S i m still delighted that i got a reply .. i thought that most ppl r still
> in the holiday mood ;-)
>
> On Wed, 02 Jan 2002 Wensong Zhang wrote :
> >
> >
> > Hello,
> >
> > Please make sure that your real server can reach the
> > client directly. If
> > the response packets went through the director, the
> > director would drop
> > them by the default.
> >
> > Regards,
> >
> > Wensong
> >
> >
> > On 1 Jan 2002, khiz nms wrote:
> >
> > >
> > > Hi all
> > > i m facing a problem with my TUN setup
> > >
> > > my real server is on a seperate network from the
> > director and is not prone to the ARP problem coz there
> > is no routing for the VIP which leads to the
> > realserver's network!!
> > > realserver is redhat 6.2 VIP 202.120.130.102
> > >
> > > ipvsadm is correctly configured for tunnelling to the
> > RIP and this i have verified by using tcpdump on the
> > Realserver and i see packets CIP->RIP hitting the
> > realserver
> > >
> > > tcpdump on realserver
> > > eth2 < 10.1.5.5.2051 > 202.120.130.102.www: S
> > 421444096:42144409 6(0) win 65535 <mss 1460> (DF) (ipip)
> > >
> > > where 10.1.5.5 is CIP 202.120.130.102 is the VIP
> > >
> > > the director has only one NIC configured with VIP
> > > result of ipvsadm .. the director and the realserver
> > dont have any network in common so the arp problem does
> > not exist in my case
> > >
> > > IP Virtual Server version 1.0.8 (size=32768)
> > > Prot LocalAddress:Port Scheduler Flags
> > > -> RemoteAddress:Port Forward Weight ctiveConn
> > InActConn
> > > TCP 202.120.130.102:www rr
> > > -> 10.1.11.225:www Tunnel 4 0 2
> > >
> > > However connections from the client seem to hang
> > >
> > > IP spoofing is enabled on the routers because doing
> > > traceroute -n -s VIP someother IP FROM the
> > REALSERVER
> > > result in icmp port unreachable messages occuring on
> > the Director which only arps for the VIP.. this impies
> > that spoofing of VIP from REALSERVER is permitted
> > >
> > > i have configured VIP on tunl0 of REALSERVER
> > >
> > > telnet VIP www from realserver itself is also
> > successful
> > >
> > >
> > > ifconfig on REALSERVER gives
> > > eth2 blah blah 10.1.11.225
> > > tunl0 Link encap:IPIP Tunnel HWaddr
> > > inet addr:202.140.120.102
> > Mask:255.255.255.255
> > > UP RUNNING NOARP MTU:1480 Metric:1
> > >
> > > route -n shows on REALSERVER
> > > 202.120.130.102 0.0.0.0 255.255.255.255 UH
> > 0 0 0 tunl0
> > > 10.1.11.225 0.0.0.0 255.255.255.255 UH
> > 0 0 0 eth2
> > > 10.1.11.0 0.0.0.0 255.255.255.0 U
> > 0 0 0 eth2
> > > 127.0.0.0 0.0.0.0 255.0.0.0 U
> > 0 0 0 lo
> > > 0.0.0.0 10.1.11.51 0.0.0.0 UG
> > 0 0 0 eth2 VIP
> > >
> > > a route to the VIP exists with dev tunl0 ( only one
> > VIP in use on the realserver)
> > >
> > > ip forwarding enabled on realserver
> > > lsmod shows ipip ;-)
> > > i dunno whats wrong with the configuration
> > > pls help me out
> > > BTW realserver is 6.2 redhat 2.2.14-5.0 ipip is a
> > module
> > >
> > > TIA
> > > Khiz
> > > P>S the only commands i used on the director
> > > ipvsadm -A -t 202.120.130.102:80 -s wlc
> > > ipvsadm -a -t 202.120.130.102:80 -r 10.1.11.225 -i
> > >
> > > i did not use any configure script .. this seems fine
> > coz the director is actaully passing tunnelled packets
> > to the Realserver..hope i m right
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > LinuxVirtualServer.org mailing list -
> > lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxx
> > org
> > > or go to http://www.in-addr.de/mailman/listinfo/lvs-us-
> > ers
> > >
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list -
> > lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > g
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-user-
> > s
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
|
