Re: Problem using fwmark-services

[Matthias Krauss <MKrauss@xxxxxxxxxxxxxx>]

>>That's not good! Either the app handler couldn't properly register 
the ip_vs_protocol, or packets flagged with appropriate fwmarks do not 
enter the IPVS code.
I agree ! at least the modules are registered:
> lvs1:~# lsmod
> Module                  Size  Used by
> ip_vs_wrr               3200  2
> ipt_MARK                2432  1
> iptable_mangle          3072  1
> ip_tables              16896  2 ipt_MARK,iptable_mangle
> ip_vs                  77664  4 ip_vs_wrr
>>Also your virtual service entry looks completely bogus, so I suspect 
either your kernel or your user space binaries are wrong. What kind of 
machine do you use? >>32/64bit?
cpuid shows me: "Intel(R) Pentium(R) 4 CPU 2.80GHz" , i believe that 
this type of cpu  has the 64 bit extension, not sure, i need to talk to 
my vendor.
>>Could you try a more recent debian kernel, please?

In the meantime i  tried the 2.6.8-2-686 image instead of 2.6.8-2-386 
with no success, unfortunality i was not able yet to build a kernel from 
kernel.org,
apperently the way of compile from 2.4 to 2.6 have changed and i dont 
have experience with it yet but i'm going to continiue
>>This looks correct. How does your resulting ipvsadm -L -n look?

In this sample i've set persistence but the same behaviour occure 
without persistence.
> lvs1:~# ipvsadm -Ln
> IP Virtual Server version 1.2.0 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> FWM  4 wrr persistent 3600
>   -> 10.0.1.30:0                  Route   100    1          0
>   -> 10.0.1.33:0                  Route   100    0          0
>
>
> lvs1:~# ipvsadm -Lnc
> IPVS connection entries
> pro expire state       source             virtual            destination
> IP  59:48  ERR!        10.0.1.70:0        0.0.0.4:0          10.0.1.30:0
> TCP 14:52  ESTABLISHED 10.0.1.70:1231     10.0.1.232:80      10.0.1.30:80
>
>
> lvs1:~# iptables -L -t mangle -n -v
> Chain PREROUTING (policy ACCEPT 260 packets, 29393 bytes)
>  pkts bytes target     prot opt in     out     source               
> destination
>     7   838 MARK       tcp  --  *      *       10.0.1.0/24          
> 10.0.1.232          tcp dpt:80 MARK set 0x4
>>Nope, not seen as such. Also please set the debug level in 
/proc/.../vs/ to 5 or so and dump the kernlog entries here for the setup 
and one request please.
Unfortunality "CONFIG_IP_VS_DEBUG" is disabled, think it's useless to 
set debugging unless i have a recent / customized kernel running, will 
come back.
Thanks for helping

Matt.