This box is a firewall/gateway between public internet and my private
lan. I'm trying to do a weighted round-robin. The FQDN resolves to the
public IP of my LVS box, which has these rules configured
Just to make sure, 66.150.129.229 is your VIP and that's where your DNS
entry points to?
-A -t <public ip>:5222 -s wrr
-a -t <public ip>:5222 -r 192.168.10.17:5222 -m
-a -t <public ip>:5222 -r 192.162.10.18:5222 -m
So assuming I got it right, I should be able to do two distinct connects
as follows:
telnet tetsuo.unboundtech.com 5222
telnet tetsuo.unboundtech.com 5222
and you should see one connection request to ~.18 and one to ~.17, right?
ipvsadm -L shows this
TCP 66.150.129.229:5222 wrr
-> 192.162.10.18:5222 Masq 1 0 0
-> 192.168.10.17:5222 Masq 1 0 0
What does it show after you connected and closed the connection once?
So I think it's configured right. My problem is that only 192.168.10.17
It looks like. DGW of both RS is pointing to the director? No additional
iptables rule that would DROP packets to the ~.18 RS?
is responding through LVS. A tcpdump on 18 shows no packets arriving
when trying to go through LVS. I can telnet to port 5222 on both 17 and
18 from the LVS box. I have public DNS/IPs for both of those internal
So you could switch to LVS-DR?
boxes. I can telnet directly to these IPs, on port 5222, and connect to
each realserver bypassing LVS. But the application needs to be able to
hit either through the LVS.
So the IPs of the RS are actually public?
After browsing through some of the documentation, the only thing I can
come up with is DNS. The bind installation returns public IP addresses
only, and I'm not really doing any DNS overriding with /etc/hosts. If
It would be /etc/nsswitch.conf anyway.
this were the problem, what kind of, but it can be reached directly (not
going through LVS) and from the LVS box itself changes would I need to
make?
Mhh, if one of my questions doesn't solve the problem, I will ask you to
enable the debug mode and do two separated connection requests and send
me the dump (privately).
In summary, I have a weighted round-robin service, where all realservers
have equal weight. I have specified no persistence, so defaults are
used. One of the realservers can't be reached through LVS. I can reach
it internally using internal IP (from any machine on the 192.168.10/0/24
subnet using the 192.168.10.18 IP) or publicly, bypassing the LVS,
using an alternate public IP address than the one I'm load balancing
between realservers.
It looks all pretty correct at first sight but I also know that it
actually must work ;), so ...
Regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
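A consistency check for the rule set quoted in this thread, as an added example that is not part of the original message or of the LVS project: it parses rules in the `-A`/`-a` form shown above and reports masqueraded (`-m`) real servers whose address lies outside the real-server LAN, since with LVS-NAT the director can only forward to, and see replies from, real servers on its inside network. The LAN is assumed to be 192.168.10.0/24 as in the summary, the VIP is the one from the `ipvsadm -L` output, and the function names are hypothetical.

```python
import ipaddress

# Constructed input: the rules from the message, with <public ip> replaced by the VIP.
SAMPLE_RULES = """\
-A -t 66.150.129.229:5222 -s wrr
-a -t 66.150.129.229:5222 -r 192.168.10.17:5222 -m
-a -t 66.150.129.229:5222 -r 192.162.10.18:5222 -m
"""

def parse_rules(text):
    """Return ({vip: scheduler}, [(vip, real_server, is_masq)]) from -A/-a lines."""
    services, reals = {}, []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("-A", "-a") or "-t" not in tok:
            continue  # only TCP virtual services, as used in the thread
        vip = tok[tok.index("-t") + 1]
        if tok[0] == "-A":
            services[vip] = tok[tok.index("-s") + 1] if "-s" in tok else None
        elif "-r" in tok:
            reals.append((vip, tok[tok.index("-r") + 1], "-m" in tok))
    return services, reals

def audit(text, lan="192.168.10.0/24"):
    """List (real_server, problem) pairs for rules that cannot work as written."""
    net = ipaddress.ip_network(lan)
    services, reals = parse_rules(text)
    findings = []
    for vip, rs, is_masq in reals:
        host = rs.rsplit(":", 1)[0]  # IPv4 host:port only
        if vip not in services:
            findings.append((rs, f"virtual service {vip} is not defined"))
        if is_masq and ipaddress.ip_address(host) not in net:
            findings.append((rs, f"masqueraded real server is outside {net}"))
    return findings

if __name__ == "__main__":
    for rs, problem in audit(SAMPLE_RULES):
        print(f"{rs}: {problem}")
```
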