Re: LVS-DR on Red Hat 7.2: handling ARP, other misc problems.

[Wensong Zhang <wensong@xxxxxxxxxxxx>]

Hello,

The ipchains netfilter module for kernel 2.4 is not compatible with
ipchains for kernel 2.2. So, the redirect approach for real server running
kernel 2.4 doesn't work.

Please apply Julian's hidden patch
(http://linuxvirtualserver.org/~julian/hidden-2.4.5-1.diff)
in your kernel 2.4 source, and build the kernel.

Then, see
        http://linuxvirtualserver.org/~julian/hidden.txt
        or
        http://linuxvirtualserver.org/docs/arp.html
for how to use the hidden flag for LVS.

Regards,

Wensong


On Thu, 3 Jan 2002, Dan Browning wrote:

> Main goal:  LVS-TUN *OR* LVS-DR (I have tried both unsucesfully) for
> http service.
> Problem:  Random success and failure... probably ARP problem, right?
> Environment: Red Hat 7.2, Piranha 0.6.0-15, RH stock kernel (2.4.7-10)
>                        ________
>                       |        |
>                       | client |
>                       |________|
>                       CIP=100.146.4.39
>                            |
>                            |
>                            |
>                       __________
>                      |          |
>                      | Internet |
>                      |__________|
>                            |
>                            |
>                            |
>                       VIP=x.x.x.48 (eth0:1)
>                       __________
>                      |          |
>                      | director |
>                      |__________|
>                       DIP=x.x.x.54 (eth0)
>                            |
>                            |
>           /---------------------------------\
>           |                |                |
>           |                |                |
>   RIP1=x.x.x.44     N/A (yet)        N/A (yet)
>    _____________     _____________    _____________
>   |             |   |             |  |             |
>   | realserver  |   | realserver  |  | realserver  |
>   |_____________|   |_____________|  |_____________|
>
> ###############
> ##   COMMENTARY:
> ###############
>
> I have tried so many things to get this cluster working, I think I could
> write the book... on 2.0 and 2.2 kernels anyway.  2.4 seems to be such a
> different beast that I haven't been able to get it working.  If there is
> more information I can provide, or anything I can do that might help
> solicit a response on this issue, please tell me.  Perhaps the fact that
> I'm using RH 7.2 is the issue?
>
> The docs do not seem to have much information regarding 2.4.x kernels
> and the new 'ip addr' or 'iptables' commands.  What is the correct way
> to setup Red Hat 7.2 (or any 2.4.x) system for LVS-DR (or LVS-TUN, I'm
> not picky), including the ARP problem?
>
> I have tried all of the following unsuccessfully:
>
> # Another way to avoid the ARP problem
> insmod ipchains
> ipchains -A input -j REDIRECT 80 -d 63.145.198.48 80 -p tcp
>
> echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
> echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_filter
> echo 1 > /proc/sys/net/ipv4/conf/eth1/arp_filter
>
> # Insert the ipip module
> insmod ipip
> # Make the tunl0 device up
> ifconfig tunl0 up
> # Start the hiding interface functionality
> echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
> # Hide all addresses for this tunnel device
> echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_filter
> # Configure a VIP on an alias of tunnel device
> ifconfig tunl0:0 63.145.198.48 up
>
> ###############
> ##   DETAILS:
> ###############
> Setup the Director:
>
> Install Piranha, lvsadm
> Configure like so:
>
> serial_no = 38
> primary = x.145.198.54
> service = lvs
> backup = 0.0.0.0
> heartbeat = 1
> heartbeat_port = 539
> keepalive = 6
> deadtime = 18
> network = direct
> reservation_conflict_action = preempt
> debug_level = NONE
> virtual http {
>      active = 1
>      address = x.145.198.53 eth1
>      port = 80
>      send = "GET / HTTP/1.0\r\n\r\n"
>      expect = "HTTP"
>      load_monitor = none
>      scheduler = wlc
>      protocol = tcp
>      timeout = 6
>      reentry = 15
>      quiesce_server = 0
>      server www4real {
>          address = x.145.198.44
>          active = 1
>          weight = 1
>      }
> }
>
>       IP Virtual Server version 0.8.1 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
> TCP  x.145.198.48:80 rr
>   -> x.145.198.52:80               Route   1      0          0
>   -> x.145.198.44:80               Route   1      0          0
>
>
> CURRENT LVS PROCESSES
> root      1992  0.0  0.0  1604  600 ?        S    15:45   0:00 pulse
> root      2295  0.0  0.0  1604  600 ?        S    15:45   0:00
> /usr/sbin/lvs --nofork -c /etc/sysconfig/ha/lvs.cf
> root      2299  0.0  0.0  1640  648 ?        S    15:45   0:00
> /usr/sbin/nanny -c -h x.145.198.44 -p 80 -s GET / HTTP/1.0\r\n\r\n -
> root      2300  0.0  0.0  1640  648 ?        S    15:45   0:00
> /usr/sbin/nanny -c -h x.145.198.52 -p 80 -s GET / HTTP/1.0\r\n\r\n -
>
>
> Thank you.
>
> +---------------------------------------------------
> | Dan Browning, Sr. Tech Consultant
> | Kavod Technologies, 1498 SE Tech Center Pl Ste 170
> | Vancouver, WA 98683  <dan.browning@xxxxxxxxx>
> +---------------------------------------------------
> Senate, n.:
>       A body of elderly gentlemen charged with high duties and
> misdemeanors.
>               -- Ambrose Bierce
>