LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS-Tun arp-encounter

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-Tun arp-encounter
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Thu, 19 Jan 2006 23:18:35 +0100
  I am trying to setup an lvs in a fairly large environment (university).
The administration here does not want us to use a highly customized kernel,

:) Define highly customized kernel? From your other email I learn you're using a highly customized RH kernel.

so applying the "hidden" patch is not possible for me to get around the arp
issues.  As of right now, I have my lvs on a tiny test switch with a line
coming from our router, set up as follows:
VIP = x.x.x.208/32 on eth0:208
testd1 (Director 1):
  DIP1  = eth0:217  x.x.x.217
testd2 (Director 2):
  DIP2 = eth0:218  x.x.x.218
testn1 (Realserver 1):
  RIP1 = eth0         x.x.x.219
  VIP   = tunl0:208 x.x.x.208
testn2 (Realserver 2):
  RIP2 = eth0         x.x.x.220
  VIP   = tunl0:208 x.x.x.208

Looks good.

So far, I have set up the director:
   # echo "1" >/proc/sys/net/ipv4/ip_forward
   # ifconfig eth0:208 x.x.x.208 broadcast x.x.x.223 netmask 255.255.255.255

Hmm, s/223/208, don't you think? Shouldn't expose the problem you're describing though.

   # ipvsadm -C
   # ipvsadm -A -t x.x.x.208:www -s wrr
   # ipvsadm -a -t x.x.x.208:www -r x.x.x.219 -i -w 1
   # ipvsadm -a -t x.x.x.208:www -r x.x.x.220 -i -w 1
and Realservers:
   # echo "1" >/proc/sys/net/ipv4/ip_forward
   # insmod ipip
   # /sbin/ifconfig tunl0 up
   # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
   # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
   # echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
   # echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
   # ifconfig tunl0:208 x.x.x208 up
   # route add -host x.x.x.217 dev tunl0:208

Hmm, it's been too long since I've set up LVS_TUN, but don't you have to set the VIP route?

I was able to see connections as inactive on ipvsadm -L, but the client
never actually accesses the webserver. Am I using the arp_ignore and
arp_announce flags correctly?

Yes. However, can you try using the hidden flag? IIRC, RH still patches their kernels using this patch. If this does not work, could you send some tcpdumps and enabled debug_vs in the proc-fs please and send the output of one request?

Where do your client requests originate from?

Regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread] Current Thread [Next in Thread>