Yeah I tried that iptables rule on the director and that didn;t work.
I still get
18:59:30.870598 IP 184.108.40.206 >
ABTS-NCR-Dynamic-220.127.116.11.airtelbroadband.in: icmp 556:
18.104.22.168 unreachable - need to frag (mtu 1380)
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 22.214.171.124 anywhere tcp
flags:SYN,RST,ACK/SYN,ACK TCPMSS set 1440
On 8/31/07, Graeme Fowler <graeme@xxxxxxxxxxx> wrote:
> On Fri, 2007-08-31 at 18:03 +0530, Sameer Garg wrote:
> > In my quest for setting up LVS-Tun we encountered another problem.
> > MTU and fragmentation is a known problem. First some back ground
> > information.
> > 1. We can't use LVS-DR because our machines are all over the place.
> > (Thank the ISP)
> > 2. The setup comprises of 2 machines. 1 director and 1 Real Server.
> > 3. We are using RHEL 4.
> What you have to remember is as follows:
> 1. The initial packet from the client to the realserver - the SYN packet
> - sets the parameters for the connection.
> 2. With TUN, the realserver is responding directly to the client.
> 3. That means if the tun0 interface(s) have an MTU of (for example)
> 1400, then you need to make the *realserver's VIP interface* have an MTU
> of 1400. How you do that varies with OS, but for a Linux server you'd do
> the following on the realserver:
> iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK
> SYN,ACK -j TCPMSS --set-mss 1440
> ...which is in the HOWTO :)
> That then means the realserver will respond to the initial ACK with the
> MSS set for that connection; the client will see that MSS and *should*
> then adjust its' following packet sizes.
> You should leave the director and tun0 interfaces to do what they want,
> as I recall.
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users