Arnd wrote on 12/05/2006 20:00:04:
> Hi,
>
> Dominik Klein schrieb:
> >> 'ipvsadm -L -n' shows the following entry:
> >>
> >> TCP <public_ip>:80 wlc
> >> -> 127.0.0.1:80 Local 1 0 0
> >> Shouldn't this entry show "masq" on the line with "127.0.0.1"
> >> instead of "Local"?
> >
> > No. Local is fine.
> >
> >> If the servers are up they are in the list with "-> 192.168.1.151 masq
> >> 100 0 0". Do I need to set any iptables rules (masquerading) for being
> >> able to connect to the fallback server from the internet?
> >
> > Normally not. Do you have any other iptables rules on your director that
> > may be blocking this?
>
> The iptables rules allow access to any internal server, port 80 and 443.
>
> Rules for the lo-device are all open:
>
> $IPT -t filter -A INPUT -p all -i lo -j ACCEPT
> $IPT -t filter -A OUTPUT -p all -o lo -j ACCEPT
>
> $IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
>
> I was not setting up the firewall rules so maybe I overlooked one rule.
> But a dropping firewall should throw away any SYN packets (drop) and
> while I'm receiving a "reset" it must be something else.
>
> The tcp-packet arrives on the external interface but it is not
> redirected to the lo-interface. Is this not a director task?
>
> Arnd

I'm also experiencing the same problem with getting fallback on localhost
working. In the end I set up fallback on the VIP of the cluster and that
seems to work.

My details:

Fedora Core release 4
2.6.15-1.1833_FC4smp
heartbeat-ldirectord-2.0.5-1

ldirectord.conf:

# Global Directives
checktimeout=3
checkinterval=1
#fallback=127.0.0.1:80
autoreload=yes
logfile="/var/log/ldirectord.log"
#logfile="local0"
quiescent=yes
virtual=a.b.c.d:80
        real=192.168.3.110:80 masq
        fallback=127.0.0.1:80
        service=http
        request="login.asp"
        receive="Please enter"
        scheduler=lc
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp

ipvsadm -L -n:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP a.b.c.d:80 lc
  -> 127.0.0.1:80 Local 1 0 0

tcpdump:

[root@lvs3 ~]# tcpdump -i eth1 host a.b.c.e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:03:03.176753 IP a.b.c.e.50891 > a.b.c.d.http: S 2138124158:2138124158(0) win 5840 <mss 1460,sackOK,timestamp 213381628 0,nop,wscale 2>
11:03:03.176821 IP a.b.c.d > a.b.c.e: icmp 68: 203.34.51.138 tcp port http unreachable

iptables is configured to accept all to and from lo and to logdrop
everything else. Nothing appears in the firewall logs.

When I change the configuration as follows:

virtual=a.b.c.d:80
        real=192.168.3.110:80 masq
        fallback=a.b.c.d:80 gate
        service=http
        request="login.asp"
        receive="Please enter"
        scheduler=lc
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp

Then I get a working fallback server.
Is there something broken in the 2.6.15 kernel lvs maybe?
Thanks,
JT