Re: Problem using fwmark-services

[Matthias Krauss <mkrauss@xxxxxxxxxxxxxx>]

>>>That's not good! Either the app handler couldn't properly register
>>> the ip_vs_protocol, or packets flagged with appropriate fwmarks do not
>>> enter the IPVS code.
>> I agree ! at least the modules are registered:
>> lvs1:~# lsmod
>> Module                  Size  Used by
>> ip_vs_wrr               3200  2
>> ipt_MARK                2432  1
>>iptable_mangle          3072  1
>>ip_tables              16896  2 ipt_MARK,iptable_mangle
>> ip_vs                  77664  4 ip_vs_wrr
>Yep, you wouldn't see much otherwise.
>>>Also your virtual service entry looks completely bogus, so I
>>> suspect either your kernel or your user space binaries are wrong. What
>>>kind of machine do you use? >>32/64bit?
>> cpuid shows me: "Intel(R) Pentium(R) 4 CPU 2.80GHz" , i believe that
>> this type of cpu  has the 64 bit extension, not sure, i need to talk
>> to my vendor.
>dmidecode output should be enough, however P4 is not 64bit, only has 
PAE for 36bit memory addressing and probably EMT64.
I've attached the gziped output of dmicode

>>>Could you try a more recent debian kernel, please?
>> In the meantime i  tried the 2.6.8-2-686 image instead of 2.6.8-2-386
>>with no success, unfortunality i was not able yet to build a kernel
>>from kernel.org, apperently the way of compile from 2.4 to 2.6 have
>>changed and i dont have experience with it yet but i'm going to
>>continiue
>Is there a particular reason you need 2.6 kernel for your director 
setup? The way to compile kernel did not really change that much. Try:
>make menuconfig
>make
>This will generate you a vmlinux, modules and bzImage.
>Use 'make help' to get an information on how to properly install your 
kernel or do other funky things in your kernel source tree.
It wasn't that easy due to the udev change plus the fact that SATA 
drives makes things changing ...
>>>This looks correct. How does your resulting ipvsadm -L -n look?
>> In this sample i've set persistence but the same behaviour occure
>> without persistence.
>Ok.
>> lvs1:~# ipvsadm -Ln
>> IP Virtual Server version 1.2.0 (size=4096) Prot LocalAddress:Port
>> Scheduler Flags
>>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>> FWM  4 wrr persistent 3600
>>   -> 10.0.1.30:0                  Route   100    1          0
>>   -> 10.0.1.33:0                  Route   100    0          0
>>
>>
>> lvs1:~# ipvsadm -Lnc
>> IPVS connection entries
>> pro expire state       source             virtual            destination
>> IP  59:48  ERR!        10.0.1.70:0        0.0.0.4:0          10.0.1.30:0
>> TCP 14:52  ESTABLISHED 10.0.1.70:1231     10.0.1.232:80      
10.0.1.30:80
>Weird! Your packet could not be properly decapsulated, see the IP 
protocol entry? Please use at least 2.6.15 as kernel.
I've now 2.6.15.4 running.

>> lvs1:~# iptables -L -t mangle -n -v
>> Chain PREROUTING (policy ACCEPT 260 packets, 29393 bytes)
>>  pkts bytes target     prot opt in     out     source               
>> destination
>>     7   838 MARK       tcp  --  *      *       10.0.1.0/24          
>> 10.0.1.232          tcp dpt:80 MARK set 0x4
>This looks correct. You don't have other netfilter entries in either 
the filter or nat table?
No, not at all

>>>Also please set the debug level in /proc/.../vs/ to 5 or so and dump 
the kernlog entries here for the
>>> setup and one request please.

I did, please see the complete report of my new setup:

lvs2:~# uname -r
2.6.15.4
lvs2:~# modprobe ip_vs
lvs2:~# lsmod
Module                  Size  Used by
ip_vs_wrr               3872  2
ipt_MARK                2528  1
iptable_mangle          2912  1
ip_tables              23456  2 ipt_MARK,iptable_mangle
ip_vs                 106240  4 ip_vs_wrr

lvs2:~# less lvsinit
#!/bin/bash  
#lvsinit testscript
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/send_redirects
echo "1" > /proc/sys/net/ipv4/conf/default/send_redirects
echo "1" > /proc/sys/net/ipv4/conf/eth0/send_redirects
/sbin/iptables -F -t mangle
/sbin/iptables -t mangle -A PREROUTING -p tcp -s 10.0.1.0/24 -d 
10.0.1.232/32 --dport 80 -j MARK --set-mark 4
ifconfig eth0:0 10.0.1.232 broadcast 10.0.1.232 netmask 255.255.255.255
route add -host 10.0.1.232 dev eth0:0
ipvsadm -C
ipvsadm -A -f 4 -s wrr -p 3600
ipvsadm -a -f 4 -r 10.0.1.33 -g -w 100
ipvsadm -a -f 4 -r 10.0.1.30 -g -w 100
/sbin/ipvsadm -A -t 10.0.1.232:7000 -s wrr -p 3600
/sbin/ipvsadm -a -t 10.0.1.232:7000 -r 10.0.1.30 -g -w 10
/sbin/ipvsadm -a -t 10.0.1.232:7000 -r 10.0.1.33 -g -w 10

=> after a test request: from 10.0.1.62

lvs2:~# ipvsadm -Lcn
IPVS connection entries
pro expire state       source             virtual            destination
TCP 14:55  ESTABLISHED 10.0.1.62:3558     10.0.1.232:80      10.0.1.30:80
IP  59:53  ERR!        10.0.1.62:0        0.0.0.4:0          10.0.1.30:0

lvs2:~# less /var/log/kern.log
Mar  9 18:38:44 lvs2 kernel: IPVS: Registered protocols (TCP, UDP, AH, ESP)
Mar  9 18:38:44 lvs2 kernel: IPVS: Connection hash table configured 
(size=4096, memory=32Kbytes)
Mar  9 18:38:44 lvs2 kernel: IPVS: Each connection entry needs 116 bytes 
at least
Mar  9 18:38:45 lvs2 kernel: IPVS: ipvs loaded.
Mar  9 18:39:38 lvs2 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Mar  9 18:39:39 lvs2 kernel: IPVS: ip_vs_sched_getbyname(): sched_name "wrr"
Mar  9 18:39:39 lvs2 kernel: IPVS: ip_vs_sched_getbyname(): sched_name "wrr"
Mar  9 18:39:39 lvs2 kernel: IPVS: [wrr] scheduler registered.
Mar  9 18:39:39 lvs2 kernel: IPVS: ip_vs_sched_getbyname(): sched_name "wrr"
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 778
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 729
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 762
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 867
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 778
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 729
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 762
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 867
Mar  9 18:39:39 lvs2 kernel: IPVS: ip_vs_sched_getbyname(): sched_name "wrr"
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 778
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 729
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 762
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 867
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 778
Mar  9 18:39:39 lvs2 kernel: Enter: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 729
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_new_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 762
Mar  9 18:39:39 lvs2 kernel: Leave: ip_vs_add_dest, 
net/ipv4/ipvs/ip_vs_ctl.c line 867

Many thanks
Matt.