> And downloads of big images works fine right? So there is a problem
> with inbound packets that get fragmented. 934 is a weird packet size
> for Ethernet it should be 1492 or 1500.
Bingo. The entire site works, and pages and images much larger than 934
bytes are served up just fine.
934 is the weirdest size I've ever heard of :-) I did a quick search for
anything related to 934 bytes, but only came back with some useless info and
some porn (amazing how everything you search for comes back to porn).
> >From the LVS machine tun0:0 interface ping a real server with small ping
> packets. Setup tcpdump on each machine and watch the ICMPs to get a
> picture of how it should work. This works right?
No, It doesn't. I see the requests going out, but the real server never
responds. The real server does show the request, it just doesn't ack.
BTW, with TUN, the director has the VIP on an eth device (at least that's
how I read it, and how I have it setup). I tried pinging from this eth0
device to the real server's real IP (not the VIP) with no luck. This is
with the normal 56 byte ICMP packet.
Actually, this doesn't suprise me for the same reasons you can't access LVS
service from the director.
> Try pinging the real servers from another machine on their local network
> (one real server to another) with large and small pings. Make sure that
> works (I assume it will).
I tried pinging from a 3rd party to the real servers and between the
realservers with both 56 byte and 2048 byte pings with success.
> Start to eliminate problem areas. If the two real servers can ping each
> other then they are not the problem.
>
> If the packets aren't leaving the LVS server then it is the problem
>
> If the packets are leaving the LVS server but not arriving at the real
> servers check your switch config. Double check MTU settings on
> everything (ifconfig shows MTU). Double check the switch port settings.
We don't have a managed switch (yet), no settings to change. The problem
doesn't seem to be that the packets aren't making it, but that they aren't
being responded to.
I almost want to think that this is some route issue or something in /proc
that i've forgotten to enable. I've turned on ip_forwarding, and hidden
every device on the system as an attempt to get this working to no avail.
-Jacob
|