Re: Looking for Simple Instructions

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Looking for Simple Instructions
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Tue, 14 Nov 2006 09:10:14 +0100

Hi Matthew,

I can understand your frustration.

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.eth1.arp_announce = 2
net.ipv4.conf.eth1.rp_filter = 0

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.rp_filter = 0

net.ipv4.ip_forward = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0

This looks correct to me, but as you've already stated, there are no packets seen on the RS. So as long as we don't see any incoming packets, we don't even have to look at the RS configuration, except for the proper ARP handling.

Director:
 net.ipv4.conf.all.arp_ignore = 1
 net.ipv4.conf.all.arp_announce = 2

Should not be a problem, but I'd rather you disabled those as well.

 net.ipv4.conf.all.rp_filter = 0

 net.ipv4.conf.eth1.arp_ignore = 0
 net.ipv4.conf.eth1.arp_announce = 0
 net.ipv4.conf.eth1.rp_filter = 0

 net.ipv4.conf.lo.arp_ignore = 0
 net.ipv4.conf.lo.arp_announce = 0
 net.ipv4.conf.lo.rp_filter = 0

 net.ipv4.conf.default.send_redirects = 1
 net.ipv4.conf.all.send_redirects = 1
 net.ipv4.conf.eth1.send_redirects = 1

 net.ipv4.ip_forward = 0
 net.ipv4.conf.all.log_martians = 1

And eth.log_martians is 1 as well, correct?

 net.ipv4.conf.default.rp_filter = 0
 net.ipv4.conf.default.accept_source_route = 0

You've mentioned that ip_forward is 1 on the director

    I've made sure that ip_forward is 0 on all 3 machines.

OK, since with LVS-DR on 2.4 and higher kernel releases IP forwarding is not needed anymore. Could you also send us the following information for all nodes:

ip addr show
ip rule show
ip route show

Only on the director:

for i in filter nat mangle; do
  iptables -t $i -L -n;
done

I suspect rp_filter so far.

On Director:

  tcpdump -n -i eth1 port 80

10:26:17.163619 IP 70.241.143.240.1257 > 74.52.166.35.http: S 707506018:707506018(0) win 65535 <mss 1452,nop,nop,sackOK>

<above line repeats tons of times before browser times out>

70.241.143.240 is a machine outside or inside of this cluster setup?

Nothing in /var/log/dmesg or /var/log/messages about those 46 dropped packets.

That's unfortunate.

Anything else I can try?

echo 42 > /proc/sys/net/ipv4/vs/debug_level

Try a single connection attempt and then send the output of:

dmesg -s 1000000 | grep IPVS:

Does anyone offer paid support on this?

It's happened before. Joe normally sends a private email to possible candidates offering paid support.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
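
The tcpdump line quoted in the message repeats with the same initial sequence number, which means the client is retransmitting its SYN because no SYN-ACK ever reached it. As an added example (not part of the original message), the following Python script counts such retransmitted SYNs in tcpdump text output in the older format shown above; the function name, the threshold, and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Matches the older tcpdump text format quoted in the message:
#   time IP src.sport > dst.dport: S seq:seq(0) win ...
# A SYN-ACK prints " ack N" right after the sequence field and is excluded.
SYN_RE = re.compile(
    r"^\S+ IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): S (\d+):\d+\(0\)(?! ack)"
)


def syn_retransmits(lines, threshold=3):
    """Return {(src, sport, dst, dport, isn): count} for every bare SYN
    seen at least `threshold` times with the same initial sequence number.
    A repeated ISN on the same 4-tuple is a client retransmission, i.e.
    the handshake was never answered from the client's point of view."""
    seen = Counter()
    for line in lines:
        m = SYN_RE.match(line.strip())
        if m:
            seen[m.groups()] += 1
    return {flow: n for flow, n in seen.items() if n >= threshold}


# First line is the one from the message; the rest are constructed:
# two retransmits of it, one unrelated single SYN, and one SYN-ACK.
SAMPLE = """\
10:26:17.163619 IP 70.241.143.240.1257 > 74.52.166.35.http: S 707506018:707506018(0) win 65535 <mss 1452,nop,nop,sackOK>
10:26:20.101000 IP 70.241.143.240.1257 > 74.52.166.35.http: S 707506018:707506018(0) win 65535 <mss 1452,nop,nop,sackOK>
10:26:26.102000 IP 70.241.143.240.1257 > 74.52.166.35.http: S 707506018:707506018(0) win 65535 <mss 1452,nop,nop,sackOK>
10:26:27.000000 IP 192.0.2.10.40000 > 74.52.166.35.http: S 1000000:1000000(0) win 5840 <mss 1460>
10:26:27.000100 IP 74.52.166.35.http > 192.0.2.10.40000: S 111:111(0) ack 1000001 win 5840 <mss 1460>
"""

if __name__ == "__main__":
    for flow, count in syn_retransmits(SAMPLE.splitlines()).items():
        src, sport, dst, dport, isn = flow
        print(f"{src}:{sport} -> {dst}:{dport} ISN {isn}: {count} SYNs, no handshake")
```

In LVS-DR the real server answers the client directly, so the absence of a SYN-ACK in a capture on the director is not by itself a fault; the repeated ISN is the signal that the reply never arrived.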
