
Re: Looking for Simple Instructions

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Looking for Simple Instructions
From: Matthew <matthew@xxxxxxxxxxxxxxxx>
Date: Fri, 10 Nov 2006 11:43:33 -0600
I've attempted to simplify things on this new attempt (fyi, there is no eth0 on any of the machines):

DIP = 74.52.166.34  bound to eth1
VIP = 74.52.166.35  bound to eth1:35

RS1 = 74.52.166.50  bound to eth1
RS1VIP = 74.52.166.35 bound to lo:35

RS2 = 74.52.166.130 bound to eth1
RS2VIP = 74.52.166.35 bound to lo:35

On Director:
  [root@lb1 ~]# sysctl -p
  net.ipv4.conf.lo.arp_ignore = 0
  net.ipv4.conf.lo.arp_announce = 0
  net.ipv4.conf.eth1.arp_ignore = 0
  net.ipv4.conf.eth1.arp_announce = 0
  net.ipv4.conf.all.send_redirects = 1
  net.ipv4.conf.default.send_redirects = 1
  net.ipv4.conf.eth1.send_redirects = 1
  net.ipv4.ip_forward = 0
  net.ipv4.conf.default.rp_filter = 1
  net.ipv4.conf.default.accept_source_route = 0

On both RS's:
  net.ipv4.conf.lo.arp_ignore = 1
  net.ipv4.conf.lo.arp_announce = 2
  net.ipv4.conf.eth1.arp_ignore = 1
  net.ipv4.conf.eth1.arp_announce = 2
  net.ipv4.ip_forward = 0
  net.ipv4.conf.default.rp_filter = 1
  net.ipv4.conf.default.accept_source_route = 0

> Care to show the ipvsadm -L -n output?

[root@lb1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  74.52.166.35:23 rr
  -> 74.52.166.50:23              Route   1      0          0
  -> 74.52.166.130:23             Route   1      0          0

> The preferred way of dealing with this is by instrumenting arp_{announce,ignore} in the proc-fs.

I've cleared out all the arptables stuff and am trying to use the arp_{announce,ignore} as suggested, but I am unsure which interfaces need what setting. The mini-HOWTO isn't too clear on this.

> Can you tcpdump on the director? Are you sure there's not some filtering of illicit traffic on switch ports on your ISP's side?

Yes. Running "tcpdump -n -i eth1 port 23" on the director shows lots of these when I try and telnet from my home machine:

11:37:45.031014 IP 70.241.143.240.3165 > 74.52.166.35.telnet: S 2050237163:2050237163(0) win 65535 <mss 1452,nop,nop,sackOK>

Running "tcpdump -n -i any port 23" on the 2 RS's shows nothing when I try to telnet to the VIP.

Thanks very much for your assistance.

-Matthew
