Re: [lvs-users] where is connection?

[Gerry Reno <greno@xxxxxxxxxxx>]

Gerry Reno wrote:
> Gerry Reno wrote:
>   
>> So I wait for a while and let all connections go inactive/timeout then I
>> reload webpage to VIP and make new connection using ssh to VIP and now 
>> it is showing on MASTER. Not one new entry in logs on either server. So 
>> how can this be?
>> MASTER:
>> [root@grp-01-00-50 keepalived]# ipvsadm -l
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>> TCP 192.168.1.240:https rr persistent 600
>> -> 192.168.1.201:https Route 1 0 0
>> -> 192.168.1.200:https Route 1 0 0
>> TCP 10.3.0.3:http wlc persistent 600
>> TCP 192.168.1.240:http rr persistent 600
>> -> 192.168.1.201:http Route 1 1 0
>> -> 192.168.1.200:http Route 1 0 0
>> TCP 192.168.1.240:ssh rr persistent 600
>> -> 192.168.1.201:ssh Route 1 1 0
>> -> 192.168.1.200:ssh Route 1 0 0
>>
>>
>> BACKUP:
>> [root@grp-01-00-51 keepalived]# ipvsadm -l
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>> TCP 192.168.1.240:https rr persistent 600
>> -> 192.168.1.201:https Route 1 0 0
>> -> 192.168.1.200:https Route 1 0 0
>> TCP 192.168.1.240:http rr persistent 600
>> -> 192.168.1.201:http Route 1 0 0
>> -> 192.168.1.200:http Route 1 0 0
>> TCP 192.168.1.240:ssh rr persistent 600
>> -> 192.168.1.201:ssh Route 1 0 0
>> -> 192.168.1.200:ssh Route 1 0 0
>>
>> Can anyone explain why this is happening. The LVS is working just fine 
>> but the connections aren't always where they should be.
>>
>> Gerry
>>
>>
>>   
>>     
> So I conduct another test: I restart both the BACKUP keepalived machine 
> and the .201 real server. As you can see above there was no traffic on 
> either of these. They both reboot fine and keepalived starts on the 
> BACKUP and the webserver starts on boot. Now I go back to the original 
> browser and click on an icon in the webapp that is using the VIP and it 
> just times out. Try a reload, still times out. I check the output from 
> ipvsadm:
>
> MASTER:
> [root@grp-01-00-50 keepalived]# ipvsadm -l
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 192.168.1.240:https rr persistent 600
> -> 192.168.1.201:https Route 1 0 0
> -> 192.168.1.200:https Route 1 0 0
> TCP 10.3.0.3:http wlc persistent 600
> TCP 192.168.1.240:http rr persistent 600
> -> 192.168.1.201:http Route 1 0 0
> -> 192.168.1.200:http Route 1 0 0
> TCP 192.168.1.240:ssh rr persistent 600
> -> 192.168.1.201:ssh Route 1 0 0
> -> 192.168.1.200:ssh Route 1 0 0
> [root@grp-01-00-50 keepalived]# ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> qlen 1000
> link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0
> inet 192.168.1.240/24 scope global secondary eth0
> inet6 fe80::20c:29ff:fea7:c733/64 scope link
> valid_lft forever preferred_lft forever
>
>
> BACKUP:
> [root@grp-01-00-51 ~]# ipvsadm -l
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 192.168.1.240:https rr persistent 600
> -> 192.168.1.201:https Route 1 0 0
> -> 192.168.1.200:https Route 1 0 0
> TCP 192.168.1.240:http rr persistent 600
> -> 192.168.1.201:http Route 1 0 1 <------------- it is showing an 
> InActConn although it was showing no connections prior to clicking the 
> icon in the VIP browser.
> -> 192.168.1.200:http Route 1 0 0
> TCP 192.168.1.240:ssh rr persistent 600
> -> 192.168.1.201:ssh Route 1 0 0
> -> 192.168.1.200:ssh Route 1 0 0
> [root@grp-01-00-51 ~]# ip addr show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> qlen 1000
> link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0
> inet6 fe80::20c:29ff:fe54:ef09/64 scope link
> valid_lft forever preferred_lft forever
>
> I check the webservers direct access and everything is fine.
>
> So finally I recycle keepalived on the MASTER and only then do I regain 
> ability to using the VIP in the browser.
>
> So is it necessary to restart keepalived on both servers at the same time?
>
> I would like to know how to make LVS reliable even when taking servers 
> down for maintenance.
>
>
> Gerry
>
>
>   
And here is the LVS state after being able to connect using VIP again:

MASTER:
[root@grp-01-00-50 keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.240:https rr persistent 600
-> 192.168.1.201:https Route 1 0 0
-> 192.168.1.200:https Route 1 0 0
TCP 10.3.0.3:http wlc persistent 600
TCP 192.168.1.240:http rr persistent 600
-> 192.168.1.201:http Route 1 0 0
-> 192.168.1.200:http Route 1 4 0
TCP 192.168.1.240:ssh rr persistent 600
-> 192.168.1.201:ssh Route 1 0 0
-> 192.168.1.200:ssh Route 1 0 0
[root@grp-01-00-50 keepalived]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 1000
link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.240/24 scope global secondary eth0
inet6 fe80::20c:29ff:fea7:c733/64 scope link
valid_lft forever preferred_lft forever


BACKUP:
[root@grp-01-00-51 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.240:https rr persistent 600
-> 192.168.1.201:https Route 1 0 0
-> 192.168.1.200:https Route 1 0 0
TCP 192.168.1.240:http rr persistent 600
-> 192.168.1.201:http Route 1 0 0
-> 192.168.1.200:http Route 1 0 0
TCP 192.168.1.240:ssh rr persistent 600
-> 192.168.1.201:ssh Route 1 0 0
-> 192.168.1.200:ssh Route 1 0 0
[root@grp-01-00-51 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
qlen 1000
link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0
inet6 fe80::20c:29ff:fe54:ef09/64 scope link
valid_lft forever preferred_lft forever

So as you can see the VIP connection was made on the MASTER to RS .200.

To reiterate:
After rebooting the BACKUP, only when I recycle keepalived on the 
MASTER, then do I regain
ability to using the VIP in the browser.

So is it necessary to restart keepalived on both servers at the same time?

I would like to know how to make LVS reliable even when taking servers
down for maintenance.


Gerry