"Jonathan D. Proulx" wrote:
> :is apache listening to the VIP and _not_ to the RIP?
>
> That is correct, listen vip:80, netstat and external portscanning
> confirm port 80 is open on the VIP and _not_ the RIP
so much for that idea.
> This asymmetric routing is what I expected, and why I'm puzzled by the
> director's default routing having any effect on the client. But I'm
> watching it now, if I remove the default route I can no longer telnet
> to the LVS (the director is _not_ running telnet, only the
> realservers).
are you sure you're connecting via the director and not directly to
the realservers? e.g. do you see new entries with ipvsadm on the director
when you connect from the client?
> :you can add the route back if you like, but it would be more secure to
> :put a separate IP on the outside of the director (possibly on the same NIC as
> :the VIP) and to connect from that.
>
> I could definitely learn more about iproute2, as I only installed it on
> these systems because LVS seems to be moving toward this, but:
it's a bit of a nightmare if you ask me, but it's got functionality that
ifconfig and route don't have. LVS is moving to it because Linux is moving
to it. ifconfig etc are supported for 2.4 but are expected to be dropped
sometime. I expect when we're all running iproute2 commands all day instead
of ifconfig and route that we'll get used to it.
> [jon@director lvs]$ ip route
> 128.52.37.21 dev eth0 scope link src 128.52.37.21
> 128.52.37.0/24 dev eth0 proto kernel scope link src 128.52.37.173
> default via 128.52.37.10 dev eth0
>
> [jon@realserver0 jon]$ ip route
> 128.52.37.21 dev lo scope link src 128.52.37.21
> 128.52.37.0/24 dev eth0 proto kernel scope link src 128.52.37.4
> default via 128.52.37.10 dev eth0
>
> [jon@realserver1 jon]$ ip route
> 128.52.37.21 dev lo scope link src 128.52.37.21
> 128.52.37.0/24 dev eth0 proto kernel scope link src 128.52.37.253
> default via 128.52.37.10 dev eth0
>
> note 128.52.37.21 is VIP, 128.52.37.173 is DIP. This seems to be what
> I expect
ah. the default route for the realservers for LVS-DR should _not_ be the DIP.
It should be anything else, like the client.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
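
Added example, not part of the original message and not LVS project code: a check of a realserver's `ip route` output against two LVS-DR points from this thread, that the VIP is routed on `lo` (as in the realserver tables posted above) and that the default gateway is not the DIP. The function name `check_realserver_routes` is hypothetical; the first table is realserver0's as posted, the second is constructed.

```shell
#!/bin/sh
# check_realserver_routes VIP DIP   (reads `ip route` output on stdin)
# Prints one finding per line; returns 0 if both checks pass, 1 otherwise.
check_realserver_routes() {
    vip=$1 dip=$2
    awk -v vip="$vip" -v dip="$dip" '
        # Host route for the VIP: remember which device carries it.
        $1 == vip { for (i = 2; i < NF; i++) if ($i == "dev") vipdev = $(i + 1) }
        # Default route: remember the gateway address.
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") gw = $(i + 1) }
        END {
            bad = 0
            if (vipdev == "")        { print "FAIL: no route for VIP " vip; bad = 1 }
            else if (vipdev != "lo") { print "FAIL: VIP is on " vipdev ", expected lo"; bad = 1 }
            else                     { print "ok: VIP " vip " is on lo" }
            if (gw == "")            { print "FAIL: no default route"; bad = 1 }
            else if (gw == dip)      { print "FAIL: default gateway is the DIP " dip; bad = 1 }
            else                     { print "ok: default gateway " gw " is not the DIP" }
            exit bad
        }'
}

# Routing table of realserver0 as posted in the thread.
realserver0_routes='128.52.37.21 dev lo scope link src 128.52.37.21
128.52.37.0/24 dev eth0 proto kernel scope link src 128.52.37.4
default via 128.52.37.10 dev eth0'

# Constructed counter-example: the same table with the default route via the DIP.
bad_routes='128.52.37.21 dev lo scope link src 128.52.37.21
128.52.37.0/24 dev eth0 proto kernel scope link src 128.52.37.4
default via 128.52.37.173 dev eth0'

# VIP and DIP as given in the thread.
VIP=128.52.37.21
DIP=128.52.37.173

printf '%s\n' "$realserver0_routes" | check_realserver_routes "$VIP" "$DIP"
printf '%s\n' "$bad_routes" | check_realserver_routes "$VIP" "$DIP" \
    || echo "(constructed table rejected, as expected)"
```

On a live realserver the same function can be fed directly: `ip route | check_realserver_routes VIP DIP`.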