
RE: Newbie on ipvs

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Newbie on ipvs
From: Peter Mueller <pmueller@xxxxxxxxxxxx>
Date: Wed, 30 Jul 2003 12:07:01 -0700
Hello,

> I am working on a cluster that has nodes with IPs ranging from 192.168.1.1
> through 192.168.1.20 (called node1 through node20). I am using node2 as a
> director and nodes 15 and 16 as real servers.

Ok

> I succeeded in patching, compiling, installing and loading the ipvs module.
> After this I created a VIP 192.168.1.77 on node2 to serve as the cluster IP

Not sure if it will matter in this case, but.. which version of all IPVS
software, and what kernel/distribution?

> echo 1 > /proc/sys/net/ipv4/ip_forward

ok

> # and to test it all I used iptables internal load balancing utility
> # with the command
> iptables -t nat -A PREROUTING -d 192.168.1.77 -j DNAT 192.168.1.15-192.168.1.16

This is not necessary, but if you feel like testing with iptables then feel
free :D

> after this I logged on node1 (external client) to ping 192.168.1.77 several
> times in order to see what happens and the ping returns in a round robin
> fashion from nodes 15 and 16 as planned

Cool, no hair-pulling yet

> in order to use ssh I added the following line to node2, so the connection
> can look as coming from node2 directly
> 
> iptables -t nat -A POSTROUTING -j SNAT 192.168.1.77

Maybe I'm going (am) crazy, but what does this do?  SNAT to what target?

> then I did the ping test from node1 and the ping seems to come from node2,
> then I tried to ssh several times from node1 on node2 and successfully
> logged on node15 and node16 in a round robin fashion.

OK, as long as it works..

> Then I went to ipvs, I flushed all the iptables entries and issued, on
> node2 the command
> 
> /sbin/ipvsadm -A -t 192.168.1.77:22 -s rr

OK, using 192.168.1.77 port 22 as VIP, round-robin scheduler.

> to add the virtual service
> and the commands
> 
> /sbin/ipvsadm -a -t 192.168.1.77:22 -r 192.168.1.15:22 -m -w 1
> /sbin/ipvsadm -a -t 192.168.1.77:22 -r 192.168.1.16:22 -m -w 1
> 
> to add the real servers.

OK.  But is masquerade (-m) what you want here?  If you want to masquerade
you need a separate subnet on the real server (what you call 'node') end.
See this document for more details:
http://www.linuxvirtualserver.org/how.html.

> In order to do the test I tried to ssh from node1 on node2 but the
> connections never complete and I got no login prompt, it just hangs.
>
> What could be happening?

A TCPDUMP on the client, director, and real server would immediately tell us
what's going on.  If I had to guess, I'd say something got mixed up in the
subnets with that -m statement.

If this doesn't help you could try using Joseph Mack's configure script.
It's included in the tarball.  It makes setup a lot easier.

Peter
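
Added example, not part of the original message or of the LVS tarball: a shell check for the situation the reply guesses at, where `-m` (masquerade) real servers sit on the same subnet as the client. It reads `ipvsadm -L -n` output; the sample listing is constructed from the addresses in the thread, and the /24 prefix length and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list LVS-NAT (-m, shown as "Masq") real servers that share
# a subnet with the client. Such a real server can answer the client directly
# instead of through the director, so the reply is never rewritten to the VIP.

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP_A IP_B PREFIXLEN: exit status 0 when both are in one network.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# masq_same_subnet CLIENT_IP PREFIXLEN < "ipvsadm -L -n" output
# Prints "VIP:port RIP:port" for every Masq real server on the client's subnet.
masq_same_subnet() {
    client=$1; prefix=$2
    awk '$1 == "TCP" || $1 == "UDP" { vs = $2 }
         $1 == "->" && $3 == "Masq" { print vs, $2 }' |
    while read -r vs rs; do
        if same_subnet "$client" "${rs%:*}" "$prefix"; then
            echo "$vs $rs"
        fi
    done
}

# Constructed listing: the service and real servers from the thread, in the
# layout ipvsadm -L -n prints (version string replaced by a placeholder).
SAMPLE='IP Virtual Server version x.y.z (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.77:22 rr
  -> 192.168.1.15:22              Masq    1      0          0
  -> 192.168.1.16:22              Masq    1      0          0'

# node1 (192.168.1.1) as the client; the /24 prefix is an assumption.
printf '%s\n' "$SAMPLE" | masq_same_subnet 192.168.1.1 24
```

On a live director the same function can be fed with `ipvsadm -L -n | masq_same_subnet <client-ip> <prefixlen>`; any line it prints is a real server whose replies should be confirmed with tcpdump to pass back through the director.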