
Re: Possible persistant binding issue

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Possible persistant binding issue
From: Horms <horms@xxxxxxxxxxxx>
Date: Wed, 1 Dec 2004 16:56:58 +0900
On Mon, Nov 29, 2004 at 02:36:00PM -0700, secroft@xxxxxxxxxx wrote:
> Hello All,
>     Being a newbie to LVS we beat our heads against the wall last week and 
> have a pseudo working setup. Here is a hopefully brief description of our 
> setup.
>  
> Director - RHEL with ipvsadm-1.21-9.ipvs108, 2 nics with both on a "real" 
> network, but one is dedicated to the network that the realservers are 
> attached.
>  
> Here is my setup file:
>  
>                                 
> cat /proc/sys/net/ipv4/ip_forward
> echo "0" > /proc/sys/net/ipv4/ip_forward
>                                 
> #director is not gw for realservers: leave icmp redirects on
> echo 'setting icmp redirects (1 on, 0 off) '
> echo "1" >/proc/sys/net/ipv4/conf/all/send_redirects
> cat       /proc/sys/net/ipv4/conf/all/send_redirects
> echo "1" >/proc/sys/net/ipv4/conf/default/send_redirects
> cat       /proc/sys/net/ipv4/conf/default/send_redirects
> echo "1" >/proc/sys/net/ipv4/conf/eth0/send_redirects
> cat       /proc/sys/net/ipv4/conf/eth0/send_redirects

One possible problem. Unless you take special precautions
to allow the director to process what it thinks are alien
packets the director cannot be a gateway for the real servers,
if you are using LVS-DR, which you are.

To elaborate, the return packets from the real servers for
any load balanced traffic will have the VIP as the source IP address.
However, the director has a local interface with the VIP attached,
and thus thinks these packets are bogus - it thinks someone
is trying to send it packets spoofed from itself.

> #add ethernet device and routing for VIP 192.168.1.110
> /sbin/ifconfig eth1
>  
> #check VIP 192.168.1.110 is reachable from self (director)
> /bin/ping -c 1 137.201.81.110
> /bin/netstat -rn
>  
> #setup_ipvsadm_table
> #clear ipvsadm table
> /sbin/ipvsadm -C
> #installing LVS services with ipvsadm
> #add telnet to VIP with round robin scheduling
> #/sbin/ipvsadm -A -t 137.201.81.110:telnet -s rr
> /sbin/ipvsadm -A -t 137.201.81.110:http -s rr
> 
> #forward telnet to realserver using direct routing with weight 1
> #/sbin/ipvsadm -a -t 137.201.81.110:telnet -r 137.201.81.230 -g -w 1
> #/sbin/ipvsadm -a -t 137.201.81.110:telnet -r 137.201.81.44 -g -w 1
> /sbin/ipvsadm -a -t 137.201.81.110:http -r 137.201.81.230 -g -w 1
> /sbin/ipvsadm -a -t 137.201.81.110:http -r 137.201.81.44 -g -w 1
> #check realserver reachable from director
> ping -c 1 137.201.81.230
> ping -c 1 137.201.81.44
>  
> #displaying ipvsadm settings
> /sbin/ipvsadm
>  
> Here's the issue. The real servers don't ping, but when I try to go to
> them via a browser, it works like a charm, unless I try to hit them
> multiple times. After about 4 refreshes in a row, the site becomes
> unreachable. We need to get this to work consistently, obviously and
> try to understand it a little more. Originally when I just configured
> the lo interface on the clients, it wouldn't work at all, now I setup
> eth0:110 with the VIP and it seems to work......Any help would be
> appreciated.

You should be able to ping the real servers from the director,
if not I would strongly suspect some routing problem. tcpdump/ethereal
and equivalent are your friends. Just run them on the real servers and
linux director, send some pings, and see what is happening.


As Joe mentioned in response to a subsequent message, 
which in turn was a reply to one of your subsequent posts, it does
seem that load balancing is not occurring at all. 
The ARP problem is usually the cause here.

-- 
Horms
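
With the VIP on eth0:110 of a real server, as in the quoted post, that host answers ARP for the VIP itself. The following is an added example, not part of the original message: a shell check that classifies whether a real server would answer ARP for the VIP. It assumes a kernel that provides the arp_ignore and arp_announce sysctls; the function names and the sample interface listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does this real server expose the VIP via ARP?
# Inputs are text so the check runs offline; on a live host they would come from
#   ip -o -4 addr show
#   sysctl -n net.ipv4.conf.all.arp_ignore net.ipv4.conf.all.arp_announce
# Assumption: a kernel with the arp_ignore/arp_announce sysctls. Pass the
# effective values (the kernel uses the higher of conf/all and conf/<iface>).

# vip_ifaces VIP ADDR_LISTING -> names of interfaces that carry VIP
vip_ifaces() {
    printf '%s\n' "$2" | awk -v vip="$1" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == vip) print $2 }'
}

# check_vip_arp VIP ADDR_LISTING ARP_IGNORE ARP_ANNOUNCE -> prints one verdict
check_vip_arp() {
    ifaces=$(vip_ifaces "$1" "$2")
    [ -n "$ifaces" ] || { echo "no-vip"; return 0; }
    for ifname in $ifaces; do
        # VIP on an Ethernet interface or alias: the host answers ARP for it
        [ "$ifname" = "lo" ] || { echo "answers-arp"; return 0; }
    done
    # VIP only on lo: arp_ignore=0 still answers for any local address
    [ "$3" -ge 1 ] || { echo "answers-arp"; return 0; }
    # arp_announce<2 may put the VIP in the source of outgoing ARP requests
    [ "$4" -ge 2 ] || { echo "announces-vip"; return 0; }
    echo "ok"
}

# Constructed sample listings for one real server, VIP 137.201.81.110
VIP=137.201.81.110
ON_ALIAS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 137.201.81.230/24 brd 137.201.81.255 scope global eth0
2: eth0    inet 137.201.81.110/32 scope global eth0:110'
ON_LO='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 137.201.81.110/32 scope global lo:110
2: eth0    inet 137.201.81.230/24 brd 137.201.81.255 scope global eth0'

echo "VIP on eth0:110, defaults:          $(check_vip_arp "$VIP" "$ON_ALIAS" 0 0)"
echo "VIP on lo:110, defaults:            $(check_vip_arp "$VIP" "$ON_LO" 0 0)"
echo "VIP on lo:110, ignore=1 announce=2: $(check_vip_arp "$VIP" "$ON_LO" 1 2)"
```

A verdict of `answers-arp` on a real server means clients on the same segment can resolve the VIP to that server directly and bypass the director.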
