LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

LVS-Tun director not sending ipip packets

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: LVS-Tun director not sending ipip packets
From: Simon Detheridge <simon@xxxxxxxxxx>
Date: Sun, 29 Oct 2006 23:58:35 +0000
Hi,

I have a pair of directors, and a pair of realservers. The directors use heartbeat for high-availablility.

I've recently started having trouble with my backup director. I think the problem started when I upgraded from heartbeat 1.2.3, to 1.2.5 -- although this may be coincidental. Foolishly I forgot to check it was actually working correctly *before* I performed the upgrade. I only upgraded heartbeat on the backup director - I'm not touching the primary until I know the backup works.

When I stop heartbeat on my primary director, the backup director correctly (it seems) takes over the VIP, and sets up the director correctly. However, it does not appear to send any tunelled packets to the realservers.

I have checked this with tcpdump. On my primary director, I can see packets coming in to the VIP on the external interface, and going out as ipip packets (tcp protocol 4) on the internal interface. The realserver(s) then recieve these, and I can see them coming in as protocol 4 on the internal interface, and as expected on the tunl0 interface.

When I stop heartbeat on my primary director, and the backup takes over, I can see packets coming in on the VIP again, but no ipip packets go out the external interface (or anywhere else).

The output of ipvsadm on each machine is identical (when they are trying to be a director, obviously it's empty otherwise) and looks like this:

IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.32.32.15:www wlc
  -> 10.0.0.100:www   Tunnel  50     0          0
  -> 10.0.0.101:www Tunnel  50     0          0
TCP  10.32.32.15:https wlc
  -> 10.0.0.100:https Tunnel  50     0          0
  -> 10.0.0.101:https Tunnel  50     0          0

Thus, everything *looks* like it's configured both correctly, and identically on both machines, but one is not working. Where would be the next place to look, to figure out why?

Thanks,
Simon

--
Simon Detheridge
SEN Developer, Widgit Software






This message has been scanned for viruses by BlackSpider MailControl - 
www.blackspider.com

<Prev in Thread] Current Thread [Next in Thread>