Hi Per,
Yes, you could try the forward shared approach:
http://www.ssi.bg/~ja/#lvsgw
OK, I'm trying that, but I'm seeing something odd - let me describe my
test-setup:
1+4 servers, all on the same physical network = n.n.n.72/73/74/75/76.
Server#1 is director, the others are real servers. My VIP is n.n.n.80.
I've got the forward_shared patch applied on the director:
# cat /proc/sys/net/ipv4/conf/all/forward_shared
1
Well, the ../all/* simply means that the feature globally is enabled
now. However within the interface definition (aka ../ethX/*) it might be
disabled, nevertheless. Could you please check if it's enabled per default?
On a side note, an explanation of the flags all, default and others:
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=97932487110806&w=2
# ipvsadm -l -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 217.8.220.80:25 rr
-> 217.8.220.73:25 Route 1 0 0
Weren't the RS in the 88.198/16 range? I'm a bit confused.
The default route on the the real server (just server#2 for now) points
to the director at n.n.n.72.
I've got an external client on 88.198.n.n.
I was trying to see what path responses from server#2 would take to get
back to the client, so I did some tracerouting and pinging, and this is
where something odd happened (odd to me anyway).
On the first traceroute from server#2 to my client at 88.198.n.n., I see
the path going through my director, looks good. On a subsequent
traceroute, the director is skipped and instead the path goes straight
to my default gateway. When I tried pinging instead I saw this:
1) DGW for RS2 should be the director
2) have you played with {send,accept}_redirect?
# ping 88.198.7.133
PING 88.198.7.133 (88.198.7.133) 56(84) bytes of data.
From 217.8.220.72: icmp_seq=1 Redirect Host(New nexthop: 217.8.220.66)
I'll be doing some more googling, but I thought someone might recognise
this right away?
PMTU and ICMP redirect. The director should not do that :).
Since I'm not sure anymore if I understand your network setup, would it
be possible for you to send along a ASCII-sketch (no tabs, please) with
IP addresses?
Cheers,
Roberto Nibali, ratz
--
echo
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
|