Re: LVS-Tun arp-encounter

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: LVS-Tun arp-encounter
From:	Roberto Nibali <ratz@xxxxxxxxxxxx>
Date:	Thu, 19 Jan 2006 23:18:35 +0100

  I am trying to setup an lvs in a fairly large environment (university).
The administration here does not want us to use a highly customized kernel,

:) Define highly customized kernel? From your other email I learn you'reusing a highly customized RH kernel.

so applying the "hidden" patch is not possible for me to get around the arp
issues.  As of right now, I have my lvs on a tiny test switch with a line
coming from our router, set up as follows:
VIP = x.x.x.208/32 on eth0:208
testd1 (Director 1):
  DIP1  = eth0:217  x.x.x.217
testd2 (Director 2):
  DIP2 = eth0:218  x.x.x.218
testn1 (Realserver 1):
  RIP1 = eth0         x.x.x.219
  VIP   = tunl0:208 x.x.x.208
testn2 (Realserver 2):
  RIP2 = eth0         x.x.x.220
  VIP   = tunl0:208 x.x.x.208


Looks good.

So far, I have set up the director:
   # echo "1" >/proc/sys/net/ipv4/ip_forward
   # ifconfig eth0:208 x.x.x.208 broadcast x.x.x.223 netmask 255.255.255.255

Hmm, s/223/208, don't you think? Shouldn't expose the problem you'redescribing though.

   # ipvsadm -C
   # ipvsadm -A -t x.x.x.208:www -s wrr
   # ipvsadm -a -t x.x.x.208:www -r x.x.x.219 -i -w 1
   # ipvsadm -a -t x.x.x.208:www -r x.x.x.220 -i -w 1
and Realservers:
   # echo "1" >/proc/sys/net/ipv4/ip_forward
   # insmod ipip
   # /sbin/ifconfig tunl0 up
   # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
   # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
   # echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
   # echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
   # ifconfig tunl0:208 x.x.x208 up
   # route add -host x.x.x.217 dev tunl0:208

Hmm, it's been too long since I've set up LVS_TUN, but don't you have toset the VIP route?

I was able to see connections as inactive on ipvsadm -L, but the client
never actually accesses the webserver. Am I using the arp_ignore and
arp_announce flags correctly?

Yes. However, can you try using the hidden flag? IIRC, RH still patchestheir kernels using this patch. If this does not work, could you sendsome tcpdumps and enabled debug_vs in the proc-fs please and send theoutput of one request?


Where do your client requests originate from?

Regards,
Roberto Nibali, ratz
--

echo'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread]	Current Thread	[Next in Thread>
LVS-Tun arp-encounter, Matt Chan Re: LVS-Tun arp-encounter, Nick Silkey Re: LVS-Tun arp-encounter, Joseph Mack NA3T Re: LVS-Tun arp-encounter, Matt Chan Re: LVS-Tun arp-encounter, Joseph Mack NA3T Re: LVS-Tun arp-encounter, Matt Chan Re: LVS-Tun arp-encounter, Joseph Mack NA3T Re: LVS-Tun arp-encounter, Roberto Nibali Re: LVS-Tun arp-encounter, Roberto Nibali <= Re: LVS-Tun arp-encounter, Matt Chan Re: LVS-Tun arp-encounter, Matt Chan

Previous by Date:	Re: effect of changing settings in ha.cf, Roberto Nibali
Next by Date:	question on faq 4.18, Judd Bourgeois
Previous by Thread:	Re: LVS-Tun arp-encounter, Roberto Nibali
Next by Thread:	Re: LVS-Tun arp-encounter, Matt Chan
Indexes:	[Date] [Thread] [Top] [All Lists]