Graeme Fowler wrote (at Fri, Aug 31, 2007 at 02:19:49PM +0100):
> 3. That means if the tun0 interface(s) have an MTU of (for example)
> 1400, then you need to make the *realserver's VIP interface* have an MTU
> of 1400. How you do that varies with OS, but for a Linux server you'd do
> the following on the realserver:
>
> iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --set-mss 1440
>
> ...which is in the HOWTO :)
>
> That then means the realserver will respond to the initial ACK with the
> MSS set for that connection; the client will see that MSS and *should*
> then adjust its following packet sizes.
>
> You should leave the director and tun0 interfaces to do what they want,
> as I recall.

But, for some reason that I cannot remember, I have switched off of
this iptables method in favor of using some advanced routing to take
care of the MSS setting. I wish I would have shared with the group
when I started it, because I can't remember why I'm doing it this way now.

Still on the real servers, I use routing like so:

This assumes the VIP is in a class C network

  ip route flush table 42
  ip route add table 42 to VIP_NETWORK/24 dev eth0 advmss 1440
  ip route add table 42 to default via VIP_NETWORK_GATEWAY advmss 1440
  ip rule add from VIP table 42 priority 42
  ip route flush cache

So, for example, say VIP is 10.2.2.38
VIP_NETWORK is 10.2.2.0
VIP_NETWORK_GATEWAY is 10.2.2.1 (probably)

  ip route flush table 42
  ip route add table 42 to 10.2.2.0/24 dev eth0 advmss 1440
  ip route add table 42 to default via 10.2.2.1 advmss 1440
  ip rule add from 10.2.2.38 table 42 priority 42
  ip route flush cache

The number 42 is just a number I chose when I started this.

--
--------------------------------------
Casey Zacek
Network Services
NeoSpire, Inc.
1807 Ross Ave., Ste. 300
Dallas, TX 75201
www.neospire.net -- Managed Hosting Solutions
P. 214-468-0768
F. 214-720-1836
--------------------------------------
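
Added example, not part of the original message: a check that the policy-routing setup described above actually took effect on a realserver, by reading the output of `ip route show table 42` and `ip rule show`. The function names `check_advmss` and `check_rule` are hypothetical, and the sample output is constructed (the default route deliberately lacks advmss to show the failure case).

```shell
#!/bin/sh
# check_advmss WANT: read `ip route show table N` output on stdin and report
# every route whose advmss is missing or differs from WANT.
# Returns 0 only if the table is non-empty and every route matches.
check_advmss() {
    awk -v want="$1" '
        NF == 0 { next }
        {
            seen++
            mss = ""
            for (i = 1; i < NF; i++)
                if ($i == "advmss") mss = $(i + 1)
            if (mss != want) {
                printf "BAD  %s (advmss=%s)\n", $0, (mss == "" ? "unset" : mss)
                bad++
            }
        }
        END { if (seen == 0) { print "BAD  table is empty"; exit 1 }
              exit (bad > 0) }
    '
}

# check_rule VIP TABLE: read `ip rule show` output on stdin; returns 0 only if
# some rule sends traffic sourced from VIP to TABLE.
check_rule() {
    awk -v vip="$1" -v tbl="$2" '
        { for (i = 1; i + 3 <= NF; i++)
              if ($i == "from" && $(i+1) == vip &&
                  $(i+2) == "lookup" && $(i+3) == tbl) found = 1 }
        END { exit !found }
    '
}

# Constructed sample output (not captured from a real host).
SAMPLE_ROUTES='default via 10.2.2.1 dev eth0
10.2.2.0/24 dev eth0 scope link advmss 1440'
SAMPLE_RULES='0: from all lookup local
42: from 10.2.2.38 lookup 42
32766: from all lookup main'

# On a live realserver, replace the printf with the real commands:
#   ip route show table 42 | check_advmss 1440
#   ip rule show | check_rule 10.2.2.38 42
printf '%s\n' "$SAMPLE_ROUTES" | check_advmss 1440 || echo "table 42: advmss not applied to every route"
printf '%s\n' "$SAMPLE_RULES" | check_rule 10.2.2.38 42 || echo "no rule from VIP to table 42"
```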