Hello. I'm having problems trying to set up an LVS system. It seems that
TCP packets to the real servers aren't given a response.
First off, here's my setup:
                  _________
                 |         |
                 | client  |
                 |_________|     CIP = 192.168.16.10
                      |
                      |
                 ___________     Outside DIP = 192.168.2.11 (eth0)
                |           |    VIP = 192.168.2.144 (eth0:144)
                | director  |
                |___________|    SGW = 192.168.1.2 (eth2)
                      |
                      |
                ____________     RIP = 192.168.1.12 (eth0)
               |            |
               | realserver |
               |____________|
(There's only one realserver because the other systems available are doing
other functions, and I wanted to test the LVS before converting any other
systems. Does the LVS system need more than one realserver in order for
connections to not stall?)
Both the director and realserver are Dell systems running Redhat 7.2,
kernel version 2.4.7-10. The director has an Intel PRO/100 ethernet card
for eth0, and an Intel PRO/1000 card for eth2, while the realserver has an
Intel PRO/1000 card for eth0. The director already has ip_vs (version
0.8.1) installed.
To test this out, I followed the directions from section 4.2 of the LVS
mini-HOWTO:
(http://www.linuxvirtualserver.org/Joseph.Mack/mini-HOWTO/LVS-mini-HOWTO-4.html#ss4.2)
But attempts to telnet to the VIP end up stalling. Here's what shows up
on the director while this is happening:
ipvsadm:
IP Virtual Server version 0.8.1 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.2.144:telnet rr
  -> 192.168.1.12:telnet          Masq    1      0          1
ipvsadm -l -c -n:
IPVS connection entries
pro expire   state    source              virtual          destination
TCP 00:42.27 SYN_RECV 192.168.16.10:57423 192.168.2.144:23 192.168.1.12:23
Here's what shows up from tcpdump -l -n:
20:14:43.143160 192.168.16.10.57423 > 192.168.1.12.23: S 1819783352:1819783352(0) win 24820 <nop,nop,sackOK,mss 1460> (DF) [tos 0xa0]
20:14:43.143160 192.168.1.12 > 192.168.16.10: icmp: 192.168.1.12 tcp port 23 unreachable [tos 0xc0]
20:15:10.133160 192.168.16.10.57423 > 192.168.1.12.23: S 1819783352:1819783352(0) win 24820 <nop,nop,sackOK,mss 1460> (DF) [tos 0xa0]
20:15:10.133160 192.168.1.12 > 192.168.16.10: icmp: 192.168.1.12 tcp port 23 unreachable [tos 0xc0]
.
.
.
And here's what shows up on a tcpdump -l -n from the realserver:
20:13:01.398868 192.168.16.10.57423 > 192.168.1.12.23: S 1819783352:1819783352(0) win 24820 <nop,nop,sackOK,mss 1460> (DF) [tos 0xa0]
20:13:04.758868 192.168.16.10.57423 > 192.168.1.12.23: S 1819783352:1819783352(0) win 24820 <nop,nop,sackOK,mss 1460> (DF) [tos 0xa0]
20:13:11.508868 192.168.16.10.57423 > 192.168.1.12.23: S 1819783352:1819783352(0) win 24820 <nop,nop,sackOK,mss 1460> (DF) [tos 0xa0]
.
.
.
So, IPVS seems to be working, and the first packet of the telnet connection does
get through to the real server, but it stalls from then on. Why would that
happen? All the ping tests in the mini-HOWTO's section 4.2 worked ok, and
there aren't any firewall rules preventing connections through those interfaces,
so what could be going wrong?
Thanks for any and all help -
Al Kwiatkowski
al@xxxxxxxxxxx