
[lvs-users] keepalived: SSH getting "No route to host"

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] keepalived: SSH getting "No route to host"
From: Gerry Reno <greno@xxxxxxxxxxx>
Date: Thu, 20 Sep 2007 00:31:26 -0400
I have set up a stanza in keepalived.conf for SSH to use an alternate 
port.  But whenever I try to ssh into the VIP on the alternate port I 
get a "No route to host".  It looks like it gets to the director but it 
never gets to the real server.  I see an immediate inactive connection 
in IPVS.  All firewalls on both directors and real servers are down.  
keepalived is 1.1.13.  All the other IPVS traffic is behaving correctly, 
80, 8080, 443.

????

Gerry


=====================================================
On a non-director machine:
# ssh -p 33322 -v root@xxxxxxxxxxxxx
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.240 [192.168.1.240] port 33322.
debug1: connect to address 192.168.1.240 port 33322: No route to host
ssh: connect to host 192.168.1.240 port 33322: No route to host


On director:
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.240:443 rr persistent 600
  -> 192.168.1.201:443            Route   1      0          0        
  -> 192.168.1.200:443            Route   1      0          0        
TCP  192.168.1.240:33322 rr persistent 600
  -> 192.168.1.26:22              Route   1      0          0        
  -> 192.168.1.25:22              Route   1      0          1        


keepalived.conf:
...
virtual_server 192.168.1.240 33322 {
        delay_loop 5
        lb_algo rr
        lb_kind DR
        persistence_timeout 600
        protocol TCP

        real_server 192.168.1.25 22 { 
                weight 1
                inhibit_on_failure
                TCP_CHECK {
                        connect_port 22
                        connect_timeout 3
                        nb_get_retry 3
                        delay_before_retry 1
                }
        }
        real_server 192.168.1.26 22 { 
                weight 1
                inhibit_on_failure
                TCP_CHECK {
                        connect_port 22
                        connect_timeout 3
                        nb_get_retry 3
                        delay_before_retry 1
                }
        }
}
...

master director:
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.240/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fea7:c733/64 scope link
       valid_lft forever preferred_lft forever

backup director:
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 192.168.1.240/32 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe54:ef09/64 scope link
       valid_lft forever preferred_lft forever

realservers:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:18:f8:0b:55:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.25/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::218:f8ff:fe0b:5554/64 scope link
       valid_lft forever preferred_lft forever


