Re: LVS breaking ip_nat

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Antonio Forster <aforster@xxxxxxxxx>
Subject:	Re: LVS breaking ip_nat_ftp (??)
From:	Joseph Mack NA3T <jmack@xxxxxxxx>
Date:	Fri, 2 Feb 2007 03:26:00 -0800 (PST)

On Wed, 8 Nov 2006, Antonio Forster wrote:

The SNAT rules are the following:

iptables -t nat -I POSTROUTING -o eth0 -s inst11  -j SNAT --to-source VIP1
iptables -t nat -I POSTROUTING -o eth0 -s inst12  -j SNAT --to-source VIP1
iptables -t nat -I POSTROUTING -o eth0 -s inst13  -j SNAT --to-source VIP1
iptables -t nat -I POSTROUTING -o eth0 -s inst14  -j SNAT --to-source VIP1
iptables -t nat -I POSTROUTING -o eth0 -s inst21  -j SNAT --to-source VIP2
iptables -t nat -I POSTROUTING -o eth0 -s inst22  -j SNAT --to-source VIP2
iptables -t nat -I POSTROUTING -o eth0 -s inst23  -j SNAT --to-source VIP2
iptables -t nat -I POSTROUTING -o eth0 -s inst24  -j SNAT --to-source VIP2
iptables -t nat -I POSTROUTING -o eth0 -s inst31  -j SNAT --to-source VIP3
iptables -t nat -I POSTROUTING -o eth0 -s inst32  -j SNAT --to-source VIP3
iptables -t nat -I POSTROUTING -o eth0 -s inst33  -j SNAT --to-source VIP3
iptables -t nat -I POSTROUTING -o eth0 -s inst34  -j SNAT --to-source VIP3
iptables -t nat -I POSTROUTING -o eth0 -s inst41  -j SNAT --to-source VIP4
iptables -t nat -I POSTROUTING -o eth0 -s inst42  -j SNAT --to-source VIP4
iptables -t nat -I POSTROUTING -o eth0 -s inst43  -j SNAT --to-source VIP4
iptables -t nat -I POSTROUTING -o eth0 -s inst44  -j SNAT --to-source VIP4


We have conducted all the tests you mentioned, and we found out that
if more than one instance is up and the LVS health checkers  are
monitoring them and seeing they are up, the outbound FTP fails.

The strange part is:
- during the test, there were one virtual server group with only one
active instance, and that one had about 20 sessions. when I activated
another instance on the same virtual server, the FTP worked fine until
the amount of connections on the second instance reached the same
amount of connections the first instance had. At that time, the FTP
stopped working again.

With this behavior I thought the problem was a result of the load
balancing itself. Since the scheduler in use is wlc, until LVS had to
start balancing again between the two instances, it was working. When
considering this, I decided to change the keepalived configs to
include persistence for the sessions, and after that, it seems to be
working in all situations..


Hi Antonio,
        Did you ever figure out what was going on?

After you posted, another similar setup was found towork for smtp.


http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.3-Tier.html#client_on_realserver_snat_multiple_vip

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread]	Current Thread	[Next in Thread>
Re: LVS breaking ip_nat_ftp (??), Joseph Mack NA3T <=

Previous by Date:	RE: Problems with LVS+heartbeat+ldirectord+iptables w/ SNAT/DNAT, Ordway, Ryan
Next by Date:	Re: real servers adding with virtual server / directors, vlrk
Previous by Thread:	LVS vs HA Proxy, howard chen
Next by Thread:	Re: real servers adding with virtual server / directors, vlrk
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: LVS breaking ip_nat_ftp (??)