Re: [lvs-users] Problem with LVS-TUN different network

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Problem with LVS-TUN different network
From: "Kochva Ofir" <Ofir.Kochva@xxxxxxxxxxxx>
Date: Thu, 28 Jun 2007 14:14:07 +0300
Please remove me from distribution list

-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kalpin
Erlangga Silaen
Sent: Thursday, June 28, 2007 1:50 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] Problem with LVS-TUN different network

Hello lvs-users,

  I have a problem setting up LVS-TUN across different networks. Before this
I successfully implemented LVS-TUN on the same network. My existing topology is:

Internet --- Router --- PIX Firewall ---- Switch ---- LDirector
                                             |
                                             |
                                       RealServer 1 ... RealServer 3

in LDirector:
OS : FC 5 + ultramonkey
RIP: 192.168.32.5
VIP: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1

in Realserver 1:
OS: FC 5
RIP: 192.168.32.9
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2

in Realserver 2:
OS: FC 5
RIP: 192.168.32.11
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2

in Realserver 3:
OS: FC 5
RIP: 192.168.32.15
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2

/etc/ha.d/ldirectord.conf:

checktimeout=10
checkinterval=2
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=yes

virtual=192.168.32.7:25
        fallback=127.0.0.1:25
        real=192.168.32.9:25 ipip
        real=192.168.32.11:25 ipip
        real=192.168.32.15:25 ipip
        service=smtp
        scheduler=wlc
        #persistent=600
        protocol=tcp

And works without any problem.

Later I tried to implement LVS-TUN over the network, with a topology
like the one below:

          RealServer 1 at ISP A    
             |
          Internet - Router - LDirector
             |
          RealServer 2 at ISP B

in LDirector:
OS : FC 5 + ultramonkey
RIP: 202.154.0.3
VIP: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1

in Realserver 1 at ISP A:
OS: FC 5
RIP: 219.83.0.7
TUNL0: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2

in Realserver 1:
OS: FC 5
RIP: 124.56.9.21
TUNL0: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2

/etc/ha.d/ldirectord.conf:

checktimeout=10
checkinterval=2
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=yes

virtual=202.154.0.5:25
        fallback=127.0.0.1:25
        real=124.56.9.21:25 ipip
        real=219.83.0.7:25 ipip
        service=smtp
        scheduler=wlc
        #persistent=600
        protocol=tcp

BUT it doesn't work. All firewalls on all servers (ldirector and
realservers) have been flushed. Mail services on the realservers are running
very well (I tested with telnet to port 25 from outside (another ISP, to be
independent) to the real IPs, and they respond very well).

But after implementing this, I can't connect to the VIP on ldirector
from outside (timeout).
I checked ldirectord.log:

[Thu Jun 28 09:45:55 2007|ldirectord|2187] Added virtual server:
202.154.0.5:25
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Added fallback server:
127.0.0.1:25 ( x 202.154.0.5:25) (Weight set to 1)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Quiescent real server:
124.56.9.21:25 ( x 202.154.0.5:25) (Weight set to 0)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Restored real server:
124.56.9.21:25 ( x 202.154.0.5:25) (Weight set to 1)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Deleted fallback server:
127.0.0.1:25 ( x 202.154.0.5:25)


TCP  202.154.0.5:25 wlc
  -> 124.56.9.21:25              Tunnel  1      0          3
  -> 219.83.0.7:25              Tunnel  1      0         2

Is it possible that it is blocked at the ISP? How do I check it?

Need your help. Thank you.

-- 
Best regards,
 Kalpin                          mailto:kalpin@xxxxxxxxxxxxx
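
An added example, not part of the original post: a small shell filter that reads `ipvsadm -L -n` style output and flags Tunnel real servers showing the counters quoted above (ActiveConn 0, InActConn above 0). In LVS-TUN the director sees only client-to-server packets, so this pattern is consistent with SYNs being scheduled while the handshake never completes. The function names are hypothetical and the sample is constructed from the lines in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Sample constructed from the
# ipvsadm lines quoted in the message; real-server columns are:
#   -> RemoteAddress:Port  Forward  Weight  ActiveConn  InActConn
SAMPLE='TCP  202.154.0.5:25 wlc
  -> 124.56.9.21:25              Tunnel  1      0          3
  -> 219.83.0.7:25               Tunnel  1      0          2'

# stalled_tunnels (hypothetical name): read `ipvsadm -L -n` text on stdin and
# print "VIP:port RIP:port InActConn" for each Tunnel real server that has
# ActiveConn == 0 while InActConn > 0.
stalled_tunnels() {
    awk '
        $1 == "TCP" || $1 == "UDP" { vip = $2; next }   # virtual service line
        $1 == "->" && $3 == "Tunnel" && $5 == 0 && $6 > 0 {
            print vip, $2, $6
        }'
}

# count_stalled (hypothetical name): number of flagged real servers.
count_stalled() {
    stalled_tunnels | wc -l | tr -d ' '
}

# Run against the embedded sample; on a live director use: ipvsadm -L -n | stalled_tunnels
printf '%s\n' "$SAMPLE" | stalled_tunnels

# Follow-up checks to narrow down where packets are lost (run as root):
#   director:    ipvsadm -L -n -c                      # per-connection states
#   realserver:  tcpdump -n -i eth0 ip proto 4         # do IPIP packets arrive?
#   client side: tcpdump -n host 202.154.0.5 and port 25   # do replies from the VIP arrive?
# If IPIP packets reach the realserver but no reply sourced from the VIP
# reaches the client, source-address filtering on the realserver's upstream
# path is one candidate cause (an assumption; the post does not confirm it).
```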



