|
Hi all, I try to set up a (quite big) LVS-DR. At the end, there will be several
VIPs, with several services and several realservers, and so on. So, I didn't
find a conf file that can handle several VIPs, but I'm a MAN you know, I CAN
set it up by hand :).
Here is my topology (simple, with only three realservers for testing) :
-------------clients-----------------------
__|_________________________|_______|________|_
(_________________ ROUTER_______________________)
| | | |
____|____ DIP | | |
| |VIP | | |
| director| | | |
|_________| | | |
| IIP | | |
| | | |
--------------------------------- | | |
| | | | | |
| | | | | |
IIP1 IIP2 IIP3 | | |
Tunl0 VIP VIP VIP | | |
_____________ _____________ _____________ | | |
| | | | | | | | |
| realserver | | realserver | | realserver | | | |
|_____________| |_____________| |_____________| | | |
RIP1 RIP2 RIP3 | | |
| | ---------- | |
| ----------------------------------- |
----------------------------------------------------------
So for the test case, My client is on the RIPs network. RIPs are (public, so I
have to mask, sorry)
Director IPs :
DIP = 1.1.1.200 eth1
VIP = 1.1.1.100 eth1:1
IIP = 172.16.1.254 eth0:1
Realservers1-3 IPs
IIP1-3 = 172.16.1.1-3 eth2:1
RIP1-3 = 1.1.1.1-3 eth1 (eth0 unused)
I set up RR LVS-DR and it works well. That is, the packets are clearly routed
on each node for each request. On a realserver (testing with ssh for improbable
bad reasons) I can see the arrival of the packets :
/usr/sbin/tcpdump -n ip host VIP -i eth2
tcpdump: listening on eth2
09:58:53.787114 CIP.50756 > VIP.ssh: S 4061535981:4061535981(0) win 5840 <mss
1460,sackOK,timestamp 48523545 0,nop,wscale 0> (DF) [tos 0x10]
09:59:41.789624 CIP.50756 > VIP.ssh: S 4061535981:4061535981(0) win 5840 <mss
1460,sackOK,timestamp 48528345 0,nop,wscale 0> (DF) [tos 0x10]
Nothing happen. The ssh server act as if there were nothing and the connection
goes timeout. Here are the routes on the realserver (tried to reformat for
mail, but I'm not used to this so-called mail client):
/sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
CIP 0.0.0.0 255.255.255.255 UH 0 0 0 lo
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
1.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
192.168.0.0 10.0.0.253 255.255.0.0 UG 0 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 ROUTER IP 0.0.0.0 UG 0 0 0 eth1
Forget about network 10 and 192.168, one is our administration network (for
snmp, backend, and so on), the other is the intranet.
I use noarp module to mask the VIP but this is one of my first interrogation,
do I use it well? :
/usr/local/sbin/noarpctl list
VIP 172.16.1.1 31 0 135
I don't think it's an ipvs problem, because the packets seem to be well formed
at the arrival on the realservers. All /proc/sys/net/ipv4/conf/*/rp_filter are
set to 0
I have no iptables rules (-F and -F -t nat), even if I will have to redirect 80
to 8080 one day.
So, if someone has a good idea, thank you.
François.
Additional information :
Director:
Linux lxtdp1 2.4.22 #3 Wed Oct 15 17:09:29 CEST 2003 i686 unknown
IP Virtual Server version 1.0.10 (size=4096)
ipvsadm v1.21 2002/11/12 (compiled with popt and IPVS v1.0.10)
Realservers:
Linux lxnet1 2.4.9-e.24smp #1 SMP Tue May 27 16:07:39 EDT 2003 i686 unknown
(standard SMP RHES2.1 kernel)
|
