LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] ipvsadm and packets leaving a gre tunnel

from [Joseph Mack NA3T] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipvsadm and packets leaving a gre tunnel
Cc: Horms <horms@xxxxxxxxxxxx>, Julian Anastasov <ja@xxxxxx>
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Fri, 1 Aug 2008 09:17:29 -0700 (PDT) 
On Fri, 1 Aug 2008, Marco Lorig wrote:
With the tunnel in place, can you initiate an outbound SSH connection from the realserver to the client machine? Are you absolutely sure that the path this will follow the same route as the data from the realserver under normal conditions?
I have a sneaking feeling that the realserver is sending packets of 1460 bytes (ethernet MTU less L2 framing) but the "secondary" director, ie. the tunnel endpoint at the realserver's end, is dropping them because they don't fit inside the tunnel. 

I do a scp both times only from the client to the server:

client:# scp file root@IPVSADM-address:/tmp/
This works. The client sends the first packets with a mtu which doesn´t fit into the tunnel and recieves ICMP UNREACHABLE Need to fragment. 

client:# scp root@IPVSADM-address:/tmp/file .
This doesn´t work. The Realserver tries to send packets which doesn´t fit into the tunnel but DOES NOT receive any ICMP packet.
so ip_vs() is not handling icmp correctly at least for LVS-NAT. Thanks for tracking this down. icmp handling has been built into LVS since the really early days. I doubt if gre was in anyone's mind at the time. I think it was mostly for host unreachable. 

Horms, Julian,

Is there a fix for this?
I tried setting sysctl nat_icmp_send to 1 but that doesn´t change the behaviour at all.
ip_vs() does its own nat'ing, so using commands from iptables will not help. 

Joe
There was only one attempt which worked (the realserver got an ICMP UNREACHABLE NEED TO FRAG) but unfortunately I can´t reproduce it.
So the realserver is never going to realise that it´s packets are too big. 

I think, that´s the gist of the matter.

Any ideas?

Thanks in advance.
Have a nice weekend.

cheers

Marco

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users



--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!















[More with this subject...]










<Prev in Thread]
Current Thread
[Next in Thread>




















Previous by Date: 
Re: [lvs-users] ipvsadm and packets leaving a gre tunnel, Marco Lorig




Next by Date: 
Re: [lvs-users] ipvsadm and packets leaving a gre tunnel, Joseph Mack NA3T




Previous by Thread: 
Re: [lvs-users] ipvsadm and packets leaving a gre tunnel, Marco Lorig




Next by Thread: 
Re: [lvs-users] ipvsadm and packets leaving a gre tunnel, Simon Horman




Indexes: 
[Date]
[Thread]
[Top]
[All Lists]