LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: PPPoE and LVS router

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: PPPoE and LVS router
From: "Hideki" <sithgunner@xxxxxxxxxxx>
Date: Mon, 19 Mar 2007 13:13:03 +0000

Hi. Thank you for reply.

For a starter, I understand I'm packing too much on my router. Not only does it have PPPoE to the ISP while providing DNAT/SNAT, it runs the LVS as mentioned as well as this connects to multiple ISP which uses policy routing to return the packet that came from 1 ISP back to the ISP instead of always using the default route, but I read somewhere in the archive that LVS does not work properly against policy routing.

I've already given up on that subject and using Apache's mod_proxy_balancer to do the load balanced proxy toward the real servers once the packet actually lands on the router, so it doesn't have to use LVS to do the packet forwarding.

hmm. icmp need_defrag packets are not getting back to the internet side of the PPPoE segment. They may not be being generated. It would help to debug the problem to know what's going on in this regard. Can you run tcpdump on the outside of the director on a client connection with < 1402 and >1402 bytes and see if the icmp packet is generated? If it is, can you figure out why the icmp packet is not making it to the client?

I'm just a learner and don't have much experience on many fields, so I may be off the point but ping echoes do come and go fine for both global IP the router has. And since I don't have access to another different computer in the WAN, I cannot do extensive WAN side testing that includes the PPPoE interface.

Noone has ever mentioned using PPPoE with LVS before, so I can't come out and say that we know it works. (I would have hoped it did, but that's not the same thing.)

I thought it was common enough of a configuration to see why I was getting this problem, but I guess I'm just packing too much on 1 machine.

What happens if you just have a bare realserver on the server end (ie rather than doing through the director)? PPPoE must be a solved problem already - presumably it's working everywhere else for packets > 1402.

I also have Apache running on the router/LVS machine and on that one, everything works fine.

does this help or do nothing? If PMTU is working, you shouldn't need this (clamping mss to the pmtu size sounds like a no-op to me). If PMTU is not working, then you'll need something like the command in the HOWTO section on LVS-Tun to handle the reduced payload for ipip packets. If that fixes it, then we've got another bug.

If I remove this mss fix, I'll have problem accessing some web sites, including hotmail.
Some webs do work though.

I just did another test as load balacing SMTP with LVS splitting the access to 2 real servers behind the router/LVS machine and tried to send a 500KB mail from hotmail to my mail account on the real server and it just worked. So I assume, it has something to do with outgoing packet reaching to 1402 bytes and onwards, somehow making PPPoE packets to split up and never making it onto the other side.

I'm having enough problems on other things to actually tackle this problem, so right now I went in the way of Apache's proxy load balance on the router but if there can be a fix for this (maybe by adding some firewall rules?), I'd be appreciated to know.

Thanks.

_________________________________________________________________
【らいぶ寿司】5皿ごとにおこる、板前さんたちのパフォーマンスに注目! http://livesushi.jp/

<Prev in Thread] Current Thread [Next in Thread>