Re: LVS, Bridge & TP

To:	Horms <horms@xxxxxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: LVS, Bridge & TP
From:	mquich <mquich@xxxxxxxxx>
Date:	Wed, 14 Sep 2005 13:36:30 +0200

On 14/09/05, Horms <horms@xxxxxxxxxxxx> wrote:

> It seems that the problem is that the packets arriving on LVS2 also get
> mached by your iptables mark rule. In any case, to simplify things
> further, try only running lvs and iptables on one of the hosts.

I've stopped iptables & ipvsadm on LVS2 and everything is the same.
However if I make "/etc/rc.d/init.d/network stop" on LVS1 and leave
LVS2 without ipvsadm nor iptables (then LV2 is just as a cable that
connects the two switches), from the client I can surf (not passing
through dansguardian/squid).

I don't know if the problem is this, but I haven't configured any
other interface on LVS2 but br0 (IP=192.168.5.221). When it doesn't
work, I see packets arriving on LVS2 with SRC_IP=CIP and DST_IP=LVS1

> Yes, there is you need IPVS_DEBUG, or something like that.

Here we have debug information:

NOT WORKING (Packet passed to LVS2)
-----------------------

LVS1
--------
IPVS: lookup/in TCP 192.168.5.247:3397->192.168.5.111:8080 hit
Enter: ip_vs_dr_xmit, net/ipv4/ipvs/ip_vs_xmit.c line 441
Leave: ip_vs_dr_xmit, net/ipv4/ipvs/ip_vs_xmit.c line 474
LOTS OF LINES LIKE THESE....

LVS2 => iptables & ipvsadm on
--------
IPVS: lookup/out TCP 192.168.5.247:3397->192.168.5.111:8080 not hit
LOTS OF LINES LIKE THESE....

LVS2 => iptables & ipvsadm off
--------
IPVS: lookup/out TCP 192.168.5.247:3399->192.168.5.111:8080 not hit
LOTS OF LINES LIKE THESE....

********************************************************************************************

WORKING (Packet passed to LVS1)
----------------

LVS1
--------
IPVS: lookup/in TCP 192.168.5.247:3400->192.168.5.111:8080 not hit
IPVS: lookup service: fwm 80 TCP 192.168.5.111:8080 hit
IPVS: ip_vs_rr_schedule(): Scheduling...
IPVS: RR: server 192.168.5.111:0 activeconns 0 refcnt 1 weight 1
IPVS: Bind-dest TCP c:192.168.5.247:3400 v:192.168.5.111:8080
d:192.168.5.111:8080 fwd:L s:0 flg:181 cnt:1 destcnt:2
IPVS: Schedule fwd:L c:192.168.5.247:3400 v:192.168.5.111:8080
d:192.168.5.111:8080 flg:1C1 cnt:2
IPVS: TCP input  [S...] 192.168.5.111:8080->192.168.5.247:3400 state:
NONE->SYN_RECV cnt:2
IPVS: lookup/in TCP 192.168.5.247:3400->192.168.5.111:8080 hit
IPVS: TCP input  [..A.] 192.168.5.111:8080->192.168.5.247:3400 state:
SYN_RECV->ESTABLISHED cnt:2
IPVS: lookup/in TCP 192.168.5.247:3400->192.168.5.111:8080 hit
IPVS: lookup/in TCP 128.121.50.211:80->192.168.5.111:32842 not hit
IPVS: lookup service: fwm 0 TCP 192.168.5.111:32842 not hit
IPVS: lookup/in TCP 128.121.50.211:80->192.168.5.111:32842 not hit
IPVS: lookup/in TCP 128.121.50.211:80->192.168.5.111:32842 not hit
...
IPVS: lookup/in TCP 192.168.5.247:3400->192.168.5.111:8080 hit
IPVS: TCP input  [.FA.] 192.168.5.111:8080->192.168.5.247:3400 state:
ESTABLISHED->FIN_WAIT cnt:2
IPVS: lookup/in TCP 128.121.50.211:80->192.168.5.111:32842 not hit

LVS2
--------
No packets arriving

<Prev in Thread]	Current Thread	[Next in Thread>
LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, Horms Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, Horms Re: LVS, Bridge & TP, mquich <= Re: LVS, Bridge & TP, Ranga Nathan Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, Horms Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, mquich Re: LVS, Bridge & TP, Joseph Mack NA3T Re: LVS, Bridge & TP, mquich

Previous by Date:	Re: Limit of LVS NAT ?, Joseph Mack NA3T
Next by Date:	Re: Limit of LVS NAT ?, Joe Stump
Previous by Thread:	Re: LVS, Bridge & TP, Horms
Next by Thread:	Re: LVS, Bridge & TP, Ranga Nathan
Indexes:	[Date] [Thread] [Top] [All Lists]