|
Do your realservers have their default route set to the router?
On Fri, 2005-07-15 at 14:14, Davy De Winter wrote:
> Now I've discovered it only works I try to telnet from the router to the
> director which generates the following SYN-packets: ("telnet
> 192.168.11.5 80").
> 12:49:34.343547 IP 192.168.15.140820 > 192.168.11.5.www: S
> 4292399564:4292399464(0) win 5840 <mss 1460,sackOK,timestamp 22782562 0,
> nop, wscale 2>
> So this kind of packets are correctly forwarded director to the
> realserver (with IPIP-tunneling).
>
> When I try to generate packets from the client with a source-IP in the
> range 192.168.7.5 - 192.168.7.254 I get the following packet:
> 12:52:42.915203 IP 192.168.7.236.59361 > 192.168.11.5.www: S
> 3365510061:3365510061(0) win 32768 <mss 1460>
> and these aren't forwarded by the director (also using IPIP-tunneling)
>
> However, using LVS-tun / LVS-DR doesn't seem to make a big difference in
> this scenario. As you can see: the source IP of the second SYN-packet
> doesn't fall in the network-range of a local ethernet-card of the
> director, while the first one does. Can this make a difference and can
> this be solved?
>
> Thx,
> Davy.
>
> Graham David Purcocks M.A.(Oxon.) wrote:
>
> >I don't usually reply as I'm not a real expert. But I think your problem
> >is you can't use LVS-DR unless VIP and RIP are on the same network. What
> >you have requires a NAT or TUN system.
> >
> >
> >On Fri, 2005-07-15 at 11:40, Davy De Winter wrote:
> >
> >
> >>Hi,
> >>
> >>I've tried to setup a small LVS-DR testbed but I didn't manage to get
> >>things to
> >>work yet. The problem is that my director doesn't forward packets to the
> >>realserver and I don't know where to look further. Here's a graphical
> >>representation of my (simple) testnetwork:
> >>
> >>(VIP: 11.5)15.2 15.1 7.2 7.1
> >>DIRECTOR------------------------ROUTER--------------CLIENT
> >> | 10.4 (DIP) | 3.1
> >> | |
> >> | |
> >> | 10.1 (RIP) |
> >>REALSERVER-----------------------
> >>(VIP: 11.5)3.2
> >>
> >>To keep the drawing clean i've only listed the last 2 bytes of the
> >>ip-address
> >>(they all start with 192.168). The client sends http-requests with source
> >>ip in
> >>the range 192.168.7.5-192.168.7.254 to the routers which forwards them to
> >>the
> >>director. The destination IP of the request is 192.168.11.5. This is the
> >>VIP of
> >>the director. The router forwards the first packet (the SYN-packet of the
> >>TCP-stream) to the director. But the director doesn't forward the packet
> >>further
> >>to the realserver. When I look with tcpdump at the incoming interface of the
> >>director (192.168.15.2) the SYN-packets arrive just fine:
> >>
> >>15:17:12.975822 IP 192.168.7.38.25920 > 192.168.11.5.www: S
> >>292817339:292817339(0) win 32768 <mss 1460>
> >>15:17:12.975926 IP 192.168.7.193.29768 > 192.168.11.5.www: S
> >>284814485:284814485(0) win 32768 <mss 1460>
> >>15:17:13.309114 IP 192.168.7.47.49871 > 192.168.11.5.www: S
> >>294150796:294150796(0) win 32768 <mss 1460>
> >>15:17:13.309158 IP 192.168.7.139.31938 > 192.168.11.5.www: S
> >>270141166:270141166(0) win 32768 <mss 1460>
> >>
> >>More information about my director-configuration:
> >>
> >>1) The interfaces are configured as follows:
> >>
> >>auto eth0
> >>iface eth0 inet static
> >> address 10.10.2.94
> >> network 10.0.0.0
> >> netmask 255.0.0.0
> >> broadcast 10.255.255.255
> >> gateway 10.10.10.12
> >>
> >>auto eth0:11
> >>iface eth0:11 inet static
> >> address 192.168.11.5
> >> network 192.168.11.0
> >> netmask 255.255.255.0
> >> broadcast 192.168.11.255
> >>
> >>auto eth1
> >>iface eth1 inet static
> >> address 192.168.15.5
> >> network 192.168.15.0
> >> netmask 255.255.255.0
> >> broadcast 192.168.15.255
> >>
> >>auto eth2
> >>iface eth2 inet static
> >> address 192.168.10.4
> >> network 192.168.10.0
> >> netmask 255.255.255.0
> >> broadcast 192.168.10.255
> >>
> >>There's one alias for interface eth0.
> >>
> >>2) The virtual server is configured by hand:
> >>
> >>cat /proc/sys/net/ipv4/ip_forward
> >>echo "0" > /proc/sys/net/ipv4/ip_forward
> >>echo 'setting icmp redirects (1 on, 0 off)'
> >>echo "1" > /proc/sys/net/ipv4/conf/all/send_redirects
> >>cat /proc/sys/net/ipv4/conf/all/send_redirects
> >>echo "1" > /proc/sys/net/ipv4/conf/default/send_redirects
> >>cat /proc/sys/net/ipv4/conf/default/send_redirects
> >>echo "1" > /proc/sys/net/ipv4/conf/eth1/send_redirects
> >>cat /proc/sys/net/ipv4/conf/eth1/send_redirects
> >>
> >>ipvsadm -C
> >>
> >>echo "adding http ipvsadm round robin cheduling..."
> >>ipvsadm -A -t 192.168.11.5:www -s rr
> >>
> >>echo "forward to the realservers using direct routing with weight 1"
> >>ipvsadm -a -t 192.168.11.5:www -r 192.168.10.1 -g
> >>ping -c 1 192.168.10.1
> >>#ipvsadm -a -t 192.168.11.5:http -r 192.168.10.2 -g -w 1
> >>#ping -c 1 192.168.10.2
> >>#ipvsadm -a -t 192.168.11.5:http -r 192.168.10.3 -g -w 1
> >>#ping -c 1 192.168.10.3
> >>/sbin/ipvsadm
> >>
> >>3) All the modules necessary are loaded (I use kernel 2.6.11 - Linux
> >>Debian Sarge).
> >>
> >>Module Size Used by
> >>ip_vs_rr 2688 1
> >>iptable_filter 3008 0
> >>ipt_LOG 7360 1
> >>iptable_nat 26652 1
> >>ip_conntrack 53472 1 iptable_nat
> >>ip_tables 25280 3 iptable_filter,ipt_LOG,iptable_nat
> >>ip_vs_lc 2432 0
> >>ip_vs 103552 5 ip_vs_rr,ip_vs_lc
> >>uhci_hcd 32592 0
> >>ohci_hcd 18692 0
> >>ehci_hcd 33288 0
> >>usbcore 122748 3 uhci_hcd,ohci_hcd,ehci_hcd
> >>i2c_sis96x 5380 0
> >>i2c_core 22544 1 i2c_sis96x
> >>shpchp 100836 0
> >>pci_hotplug 30772 1 shpchp
> >>
> >>4) The route-table
> >>
> >>Destination Gateway Genmask Flags Metric Ref Use
> >>Iface
> >>192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> >>192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> >>192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
> >>10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
> >>0.0.0.0 10.10.10.12 0.0.0.0 UG 0 0 0 eth0
> >>
> >>5) ipvsadm -l and ipvsadm -l --stats gave me the following
> >>
> >>IP Virtual Server version 1.2.1 (size=4096)
> >>Prot LocalAddress:Port Scheduler Flags
> >> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >>TCP 192.168.11.5:www rr
> >> -> 192.168.10.1:www Route 1 0 0
> >>
> >>
> >>epaperdirector94:/home/dgdwinte# ipvsadm -l --stats
> >>IP Virtual Server version 1.2.1 (size=4096)
> >>Prot LocalAddress:Port Conns InPkts OutPkts InBytes
> >>OutBytes
> >> -> RemoteAddress:Port
> >>TCP 192.168.11.5:www 0 0 0 0
> >> 0
> >> -> 192.168.10.1:www 0 0 0 0
> >> 0
> >>
> >>Everything seems to work fine, it only looks like the module "eats" al the
> >>packets and then they're disappeared. (the initial SYN-packets get never
> >>out of
> >>the director to the real server). Can someone give some tips where to look?
> >>
> >>Thanks in advance,
> >>davy.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>--- Dit bericht werd verzonden met de Webmail van Hogeschool Gent
> >>_______________________________________________
> >>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> >>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> >>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >>
> >>
--
|
