Re: LVS-NAT and MTU

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT and MTU
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Mon, 19 Dec 2005 05:55:06 -0800 (PST)
On Mon, 19 Dec 2005, Frédéric VANNIÈRE wrote:

Hello,

I'm running LVS using NAT, the director is connected to the internet (MTU 1500) and the real servers are connected to the director by a GbE local network (MTU 9000), they use the director as a gateway.

On the director :
 - /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
 - /proc/sys/net/ipv4/ip_no_pmtu_disc = 0
 - /proc/sys/net/ipv4/conf/eth0/send_redirects = 1

There are no errors in logs.


On the real servers:
 - /sbin/iptables -t nat -A OUTPUT -p tcp -d $VIP --dport 80 -j DNAT --to ${RIP}:80
 - /proc/sys/net/ipv4/ip_no_pmtu_disc = 0
 - /proc/sys/net/ipv4/conf/eth0/send_redirects = 1


This configuration works very well with most clients but not with all.

With a Tunisian DSL ISP, clients can't browse the websites if the GbE local network has a 1500 MTU instead of 9000.

With a French ISP (Wanadoo, Livebox Sagem working with VxWorks), POST doesn't work at all if the request is too long.

Not sure what's going on here. At least one place in the setup is not honoring MTU fragmentation requests. I would expect if the GbE is 1500, then everyone should be happy, since everyone else would be using the defaults.

What's the MTU for the NIC on the director facing the outside world?

Do you have the tcpip flags set to allow fragmentation?
(If you haven't fiddled with them, they will allow fragmentation).

There's a writeup in the HOWTO on using POST to detect
fragmentation problems, if you need to debug your
setup. The POST problem would indicate that there
are fragmentation problems, somewhere. Where is not
obvious. Can you do a big POST from a client attached
directly to the outside NIC of the director? If yes,
the problem is between the Wanadoo client and you.
If no, the problem is in your setup, possibly between
the director and the realserver.

I've tried the following solution found in the how-to (executed on each real server with gateway as the VIRTUAL-IP):

  iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --set-mss 1440

This is for LVS-Tun only, for getting the packets from the director to the realserver.

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!
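
Added example (not part of the original message or the HOWTO): a script that measures the largest unfragmented packet size on each leg, so the client-to-director and director-to-realserver hops discussed above can be compared. It assumes Linux iputils `ping` and that ICMP echo is not filtered on the path; the 576 lower bound is an assumed default and the 9000 upper bound matches the jumbo-frame MTU in the question.

```shell
#!/bin/bash
# probe HOST PAYLOAD: succeeds if an echo request of PAYLOAD bytes with the
# Don't Fragment bit set (-M do) gets a reply within one second.
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# find_pmtu HOST [LOW_MTU] [HIGH_MTU]
# Binary-searches the largest MTU whose DF-set probe is answered and prints it.
find_pmtu() {
    local host=$1 lo=${2:-576} hi=${3:-9000} mid
    # The ping payload excludes the IPv4 header (20) and ICMP header (8).
    local overhead=28
    if ! probe "$host" $((lo - overhead)); then
        echo "no reply from $host even at MTU $lo" >&2
        return 1
    fi
    # Invariant: a probe at MTU $lo is known to pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" $((mid - overhead)); then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo "$lo"
}

# Usage: ./pmtu.sh HOST [LOW_MTU] [HIGH_MTU]
if [ $# -gt 0 ]; then
    mtu=$(find_pmtu "$@") || exit 1
    # IPv4 header (20) + TCP header without options (20) = 40 bytes.
    echo "path MTU to $1: $mtu (largest TCP MSS: $((mtu - 40)))"
fi
```

Run it from an outside client toward the director and from the director toward a realserver; the leg that reports the smaller value is where large packets have to be fragmented or rejected.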