Hi LVS evangelists,
I am really an LVS newbie and I have set up an LVS Tun setup on 3 machines.
The reason for LVS Tun was that I had a lot of trouble with routing
over private network addresses.
I got LVS NAT to run, but after some time the private network addresses
weren't reachable in the server set. I think I have problems with the
routing of my provider.
So I set up an LVS Tun setup on public IP addresses and it works fine for
me. Now I have got a response from a client; he reports timeouts on
POST requests. Sadly I can't reproduce this problem in my requests.
The Apache logs show me the following error:
"request failed: error reading the headers"
After studying the LVS-HOWTO I found the section on MTU and packet
fragmentation. I added the following rule to my iptables, but it doesn't help
to solve the problem.
iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --set-mss 1440
For a better understanding of my LVS setup, here is some information:
1. I'm using only public IP addresses
2. My director is also a realserver with 1 NIC and has the following interfaces:
eth0 = public IP (not in use for the LVS)
eth0:80 = public IP (that's my VIRTUAL-IP)
lo = 127.0.0.1 (not in use for the LVS)
3. The output of ipvsadm is here (2 standalone realservers and 1 local
realserver directly on the director):
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port            Forward Weight ActiveConn InActConn
TCP  VIRTUAL-IP:http rr
  -> REALSERVER_IP1:http           Tunnel  1      0          0
  -> REALSERVER_IP2:http           Tunnel  1      0          0
  -> localhost.localdomain:http    Local   1      0          0
4. More info on the director:
cat /proc/sys/net/ipv4/ip_forward = 1
no special route is added
the setup works fine without large POSTs
no errors with large POSTs for the realserver that runs directly on the director
5. The realserver with 1 NIC has the following interfaces:
eth0 = public IP (the REALSERVER_IP that is listed in the ipvsadm output
on the director)
lo = 127.0.0.1 (not in use for the LVS)
tunl0 = VIRTUAL-IP (with no ARP)
6. More info on the realserver:
cat /proc/sys/net/ipv4/ip_forward = 0
no special route is added
errors on these realservers with large POSTs > "request failed: error reading the headers",
also when I use the iptables command for MTU fragmentation:
iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --set-mss 1440
The HTML POST test script hangs when connecting to the realserver.
Some questions:
- Are my settings OK (especially the director as realserver too, and the use of
public IPs)?
- For testing I changed the MTU on the director's eth0:80 to 1480, but
this doesn't solve the problem.
- I also temporarily changed the MTU on the realserver's eth0 to 1480, but
this doesn't solve the problem either.
- Do I need special routing for LVS Tun?
Maybe somebody has some ideas. I would be very grateful for some tips.
Regards,
udosa from Munich