Re: Director doesn't forward packets to realserver

To:	davy.dewinter@xxxxxxxxx, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Director doesn't forward packets to realserver
From:	"Graham David Purcocks M.A.(Oxon.)" <grahamp@xxxxxxxxxxxxx>
Date:	Fri, 15 Jul 2005 11:49:58 +0100

I don't usually reply as I'm not a real expert. But I think your problem
is you can't use LVS-DR unless VIP and RIP are on the same network. What
you have requires a NAT or TUN system.


On Fri, 2005-07-15 at 11:40, Davy De Winter wrote:
> Hi,
> 
> I've tried to setup a small LVS-DR testbed but I didn't manage to get things 
> to
> work yet. The problem is that my director doesn't forward packets to the
> realserver and I don't know where to look further. Here's a graphical
> representation of my (simple) testnetwork:
> 
> (VIP: 11.5)15.2                       15.1                 7.2          7.1
> DIRECTOR------------------------ROUTER--------------CLIENT
>     | 10.4 (DIP)                                   | 3.1
>     |                                                     |
>     |                                                     |
>     | 10.1 (RIP)                                   |
> REALSERVER-----------------------
> (VIP: 11.5)3.2
> 
> To keep the drawing clean i've only listed the last 2 bytes of the ip-address
> (they all start with 192.168). The client sends http-requests with source ip 
> in
> the range 192.168.7.5-192.168.7.254 to the routers which forwards them to the
> director. The destination IP of the request is 192.168.11.5. This is the VIP 
> of
> the director. The router forwards the first packet (the SYN-packet of the
> TCP-stream) to the director. But the director doesn't forward the packet 
> further
> to the realserver. When I look with tcpdump at the incoming interface of the
> director (192.168.15.2) the SYN-packets arrive just fine:
> 
> 15:17:12.975822 IP 192.168.7.38.25920 > 192.168.11.5.www: S
> 292817339:292817339(0) win 32768 <mss 1460>
> 15:17:12.975926 IP 192.168.7.193.29768 > 192.168.11.5.www: S
> 284814485:284814485(0) win 32768 <mss 1460>
> 15:17:13.309114 IP 192.168.7.47.49871 > 192.168.11.5.www: S
> 294150796:294150796(0) win 32768 <mss 1460>
> 15:17:13.309158 IP 192.168.7.139.31938 > 192.168.11.5.www: S
> 270141166:270141166(0) win 32768 <mss 1460>
> 
> More information about my director-configuration:
> 
> 1) The interfaces are configured as follows:
> 
> auto eth0
> iface eth0 inet static
>         address 10.10.2.94
>         network 10.0.0.0
>         netmask 255.0.0.0
>         broadcast 10.255.255.255
>         gateway 10.10.10.12
> 
> auto eth0:11
> iface eth0:11 inet static
>         address 192.168.11.5
>         network 192.168.11.0
>         netmask 255.255.255.0
>         broadcast 192.168.11.255
> 
> auto eth1
> iface eth1 inet static
>         address 192.168.15.5
>         network 192.168.15.0
>         netmask 255.255.255.0
>         broadcast 192.168.15.255
> 
> auto eth2
> iface eth2 inet static
>         address 192.168.10.4
>         network 192.168.10.0
>         netmask 255.255.255.0
>         broadcast 192.168.10.255
> 
> There's one alias for interface eth0.
> 
> 2) The virtual server is configured by hand:
> 
> cat     /proc/sys/net/ipv4/ip_forward
> echo "0" > /proc/sys/net/ipv4/ip_forward
> echo 'setting icmp redirects (1 on, 0 off)'
> echo "1" > /proc/sys/net/ipv4/conf/all/send_redirects
> cat        /proc/sys/net/ipv4/conf/all/send_redirects
> echo "1" > /proc/sys/net/ipv4/conf/default/send_redirects
> cat        /proc/sys/net/ipv4/conf/default/send_redirects
> echo "1" > /proc/sys/net/ipv4/conf/eth1/send_redirects
> cat        /proc/sys/net/ipv4/conf/eth1/send_redirects
> 
> ipvsadm -C
> 
> echo "adding http ipvsadm round robin cheduling..."
> ipvsadm -A -t 192.168.11.5:www -s rr
> 
> echo "forward to the realservers using direct routing with weight 1"
> ipvsadm -a -t 192.168.11.5:www -r 192.168.10.1 -g
> ping -c 1 192.168.10.1
> #ipvsadm -a -t 192.168.11.5:http -r 192.168.10.2 -g -w 1
> #ping -c 1 192.168.10.2
> #ipvsadm -a -t 192.168.11.5:http -r 192.168.10.3 -g -w 1
> #ping -c 1 192.168.10.3
> /sbin/ipvsadm
> 
> 3)  All the modules necessary are loaded (I use kernel 2.6.11 - Linux Debian 
> Sarge).
> 
> Module                  Size  Used by
> ip_vs_rr                2688  1
> iptable_filter          3008  0
> ipt_LOG                 7360  1
> iptable_nat            26652  1
> ip_conntrack           53472  1 iptable_nat
> ip_tables              25280  3 iptable_filter,ipt_LOG,iptable_nat
> ip_vs_lc                2432  0
> ip_vs                 103552  5 ip_vs_rr,ip_vs_lc
> uhci_hcd               32592  0
> ohci_hcd               18692  0
> ehci_hcd               33288  0
> usbcore               122748  3 uhci_hcd,ohci_hcd,ehci_hcd
> i2c_sis96x              5380  0
> i2c_core               22544  1 i2c_sis96x
> shpchp                100836  0
> pci_hotplug            30772  1 shpchp
> 
> 4) The route-table
> 
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
> 0.0.0.0         10.10.10.12     0.0.0.0         UG    0      0        0 eth0
> 
> 5) ipvsadm -l and ipvsadm -l --stats gave me the following
> 
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  192.168.11.5:www rr
>   -> 192.168.10.1:www             Route   1      0          0
> 
> 
> epaperdirector94:/home/dgdwinte# ipvsadm -l --stats
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
>   -> RemoteAddress:Port
> TCP  192.168.11.5:www                    0        0        0        0        0
>   -> 192.168.10.1:www                    0        0        0        0        0
> 
> Everything seems to work fine, it only looks like the module "eats" al the
> packets and then they're disappeared. (the initial SYN-packets get never out 
> of
> the director to the real server). Can someone give some tips where to look?
> 
> Thanks in advance,
> davy.
> 
> 
> 
> 
> 
> 
> 
> --- Dit bericht werd verzonden met de Webmail van Hogeschool Gent
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
--

<Prev in Thread]	Current Thread	[Next in Thread>
Director doesn't forward packets to realserver, Davy De Winter Re: Director doesn't forward packets to realserver, Graham David Purcocks M.A.(Oxon.) <= Message not available Re: Director doesn't forward packets to realserver, Graham David Purcocks M.A.(Oxon.) Message not available Re: Director doesn't forward packets to realserver, Graham David Purcocks M.A.(Oxon.) Re: Director doesn't forward packets to realserver, Joseph Mack NA3T Re: Director doesn't forward packets to realserver, Joseph Mack NA3T Message not available Re: Director doesn't forward packets to realserver, Joseph Mack NA3T RE: Director doesn't forward packets to realserver, Peter Mueller RE: Director doesn't forward packets to realserver, Joseph Mack NA3T

Previous by Date:	Director doesn't forward packets to realserver, Davy De Winter
Next by Date:	Mail server in LVS, A.O
Previous by Thread:	Director doesn't forward packets to realserver, Davy De Winter
Next by Thread:	Re: Director doesn't forward packets to realserver, Graham David Purcocks M.A.(Oxon.)
Indexes:	[Date] [Thread] [Top] [All Lists]