Hi
Julian Anastasov wrote:
> I assume you see in logs that lookup fails and packet is left for
> netfilter manipulation? Do you see the size of such packets? Are
> they in the MTU limits?

Can you help me to check the MTU stuff... I have a general understanding
of how the MTU works, but I am afraid I do not yet know how to check
this using tcpdump or ethereal.
You can see
http://archive.linuxvirtualserver.org/html/lvs-users/2004-12/msg00106.html
for some of my earlier attempts at catching the problem using tcpdump...
maybe this helps?

> Also, do you have any netfilter NAT rules? Another option is that
> it reaches the IPVS lookup in FORWARD with already translated source
> address?

I do have SNAT rules that rewrite IPs that are used solely by the real
servers for connections initiated on the real servers, and then, I also
set up a generic SNAT to catch IPVS problems.

Let's say the real server has two IPs, and Apache is only listening on
one of the IPs, and IPVS is set up using NAT to forward only to that IP
on that realserver, then all responses to web requests from the real
servers should only come from the one IP that Apache listens to,
rewritten by LVS to the VIP of the service. The other IP has a SNAT
rule in iptables so that the servers can use it to connect to external
services... (not HTTP, but SQL etc.).

Therefore, if I see any HTTP traffic on the SNAT IP, I know that IPVS
did not rewrite the packet correctly. I initially used masquerading on
the router to allow the realservers outside access, but then the traffic
came from any IP on the router, which made things difficult to debug.

Also remember that 90% of the time, the IPVS works fine...

Kind regards
Johan
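
Added example, not part of the original message: one way to apply the check described above (HTTP replies leaving with the SNAT source address mean IPVS did not rewrite them) and to answer the MTU question at the same time, by reading the IP total length from `tcpdump -nn -v` text output. The addresses, the 1500-byte MTU and the capture lines are constructed placeholders, and `find_leaks` is a hypothetical helper name.

```python
import re

# Constructed placeholders: the message gives no addresses or MTU.
SNAT_IP = "192.0.2.20"   # address the generic SNAT rule rewrites to
MTU = 1500               # assumed Ethernet MTU on the outside interface

# "tcpdump -nn -v" prints an IP header line, then an indented address line.
IP_HDR = re.compile(r"^\S+ IP \(.*flags \[(?P<flags>[^\]]*)\].*length (?P<len>\d+)\)\s*$")
ADDR = re.compile(r"^\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):")

# Constructed capture text (192.0.2.10 stands in for the VIP).
SAMPLE = """\
12:00:01.000001 IP (tos 0x0, ttl 63, id 4242, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.80 > 203.0.113.9.40112: Flags [.], seq 1:1449, ack 1, win 5792, length 1448
12:00:01.000350 IP (tos 0x0, ttl 63, id 4243, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.20.80 > 203.0.113.9.40112: Flags [.], seq 1449:2897, ack 1, win 5792, length 1448
12:00:02.104000 IP (tos 0x0, ttl 63, id 9001, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.20.45000 > 198.51.100.7.3306: Flags [S], seq 77, win 5840, length 0
12:00:03.250000 IP (tos 0x0, ttl 63, id 4250, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.20.80 > 203.0.113.9.40112: Flags [F.], seq 2897, ack 1, win 5792, length 0
"""

def find_leaks(text, snat_ip=SNAT_IP, port=80, mtu=MTU):
    """Return replies from the service port that left with the SNAT source."""
    leaks, hdr = [], None
    for line in text.splitlines():
        m = IP_HDR.match(line)
        if m:
            hdr = m                      # remember header for the next line
            continue
        a = ADDR.match(line)
        if a and hdr:
            if a["src"] == snat_ip and int(a["sport"]) == port:
                size = int(hdr["len"])   # IP total length, comparable to MTU
                leaks.append({"src": a["src"], "dst": a["dst"], "ip_len": size,
                              "df": "DF" in hdr["flags"], "within_mtu": size <= mtu})
        hdr = None                       # a header applies to one packet only
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(leak)
```

The SQL connection from the SNAT address in the sample is not reported, because only packets whose source port is the service port count as missed rewrites.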