Hi. Thank you for the reply.
For a starter, I understand I'm packing too much on my router. Not only
does it have PPPoE to the ISP while providing DNAT/SNAT, it runs the LVS as
mentioned as well as this connects to multiple ISP which uses policy
routing to return the packet that came from 1 ISP back to the ISP instead
of always using the default route, but I read somewhere in the archive that
LVS does not work properly against policy routing.
I've already given up on that subject and using Apache's mod_proxy_balancer
to do the load balanced proxy toward the real servers once the packet
actually lands on the router, so it doesn't have to use LVS to do the
packet forwarding.

> hmm. icmp need_defrag packets are not getting back to the internet
> side of the PPPoE segment. They may not be being generated. It would
> help to debug the problem to know what's going on in this regard.
> Can you run tcpdump on the outside of the director on a client
> connection with < 1402 and >1402 bytes and see if the icmp packet is
> generated? If it is, can you figure out why the icmp packet is not
> making it to the client?

I'm just a learner and don't have much experience on many fields, so I may
be off the point but ping echoes do come and go fine for both global IP the
router has.
And since I don't have access to another different computer in the WAN, I
cannot do extensive WAN side testing that includes the PPPoE interface.

> No one has ever mentioned using PPPoE with LVS before, so I can't
> come out and say that we know it works. (I would have hoped it did,
> but that's not the same thing.)

I thought it was common enough of a configuration to see why I was getting
this problem, but I guess I'm just packing too much on 1 machine.

> What happens if you just have a bare realserver on the server end
> (ie rather than doing through the director)? PPPoE must be a solved
> problem already - presumably it's working everywhere else for
> packets > 1402.

I also have Apache running on the router/LVS machine and on that one,
everything works fine.

> Does this help or do nothing? If PMTU is working, you shouldn't need
> this (clamping mss to the pmtu size sounds like a no-op to me). If
> PMTU is not working, then you'll need something like the command in
> the HOWTO section on LVS-Tun to handle the reduced payload for ipip
> packets. If that fixes it, then we've got another bug.

If I remove this mss fix, I'll have problem accessing some web sites,
including hotmail.
Some webs do work though.
I just did another test as load balancing SMTP with LVS splitting the access
to 2 real servers behind the router/LVS machine and tried to send a 500KB
mail from hotmail to my mail account on the real server and it just worked.
So I assume, it has something to do with outgoing packet reaching to 1402
bytes and onwards, somehow making PPPoE packets to split up and never
making it onto the other side.
I'm having enough problems on other things to actually tackle this problem,
so right now I went in the way of Apache's proxy load balance on the router
but if there can be a fix for this (maybe by adding some firewall rules?),
I'd appreciate knowing.
Thanks.