To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] stuck on LVS-TUN, realservers receiving ipip packet, but not doing anything because it think's it's martian.
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Wed, 14 Oct 2009 05:32:18 -0700 (PDT)

On Wed, 14 Oct 2009, Vincent Young wrote:

> So first things first, I'm trying to get this set up on linode.com.

I assume this means you are trying to run linode.com on an 
LVS.

> and I've been in their IRC channel, and asked if this

I have no idea what "this" is.

> would work. and one of the official responses on this 
> issue:
>
> caker: if packets get rewritten, it's not gonna work
> caker: we filter based on source ip and mac, and dest ip and mac
> caker: ^-- for a given Linode

LVS relies on rewriting packets and works everywhere else 
(almost)

> So i decided to use LVS-TUN.

why? I don't know what the problem is, so I don't know why 
you'd want LVS-Tun

> Each linode has a public IP on eth0, and an aliased eth0:0 
> private ip address with no gateway.

it's best now not to use aliases. use iproute2 tools. see 
the HOWTO


> This is where I am not sure if it was the correct approach or not,
> please correct me.  On the director, I set the VIP to be the same as
> my eth0 public IP. and on the real servers I created a tunl0 interface
> that matched the VIP.

yes

> I don't think I needed to add a route, since they
> both share a common gateway on their public IPs, and they can talk to
> each other.

LVS-Tun doesn't get you anything over LVS-DR, if all 
machines are on the same network.

> director: cannot ping realserver

you need to fix this. I assume this is your problem.

> or telnet port 80 into realserver eth0 public ip.

this test doesn't tell you anything if you can't ping the 
realserver. After you can ping the realserver, you still 
won't be able to connect to the realserver:VIP:80. Do you 
understand why?

> can ping client.

yes

> realserver: can ping both realserver and client. When I telnet into VIP
> on port 80, I believe it bypasses the director,

yes

> since tcpdump host
> 97.107.130.68 on the director showed no activity.
> client (public ip 99.247.97.70) can ping director and realserver, and
> can telnet port 80 to real server fine.

yes

> When I telnet to the
> VIP, client doesn't get a response.

packets aren't getting from the director to the realserver 
(the ping problem).

> conclusion so far:
> it looks like the ipip packet is reaching the realserver, but want to
> find out if it's being discarded because it thinks it's a martian
> source?

if so, turn off blocking martians

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
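
Added example, not part of the original message or of the LVS project: a read-only check of the kernel settings that decide whether a realserver drops packets as martians. It assumes the interface names used in the thread (tunl0, eth0) and the standard Linux sysctl tree; CONF_ROOT is a hypothetical override so the functions can be run against a copy.

```shell
#!/bin/sh
# Report the reverse-path-filter ("martian") settings that apply to an
# interface. Only reads values; changes nothing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_conf IFACE KEY -> integer value, or 0 if the file is missing/empty
read_conf() {
    f="$CONF_ROOT/$1/$2"
    v=""
    if [ -r "$f" ]; then v=$(tr -d ' \n' < "$f"); fi
    echo "${v:-0}"
}

# effective_rp_filter IFACE -> the kernel applies max(conf/all, conf/IFACE)
# 0 = no source validation, 1 = strict, 2 = loose
effective_rp_filter() {
    all=$(read_conf all rp_filter)
    ifc=$(read_conf "$1" rp_filter)
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# martians_logged IFACE -> "yes" if conf/all OR conf/IFACE sets log_martians
martians_logged() {
    if [ "$(read_conf all log_martians)" -ne 0 ] ||
       [ "$(read_conf "$1" log_martians)" -ne 0 ]; then
        echo yes
    else
        echo no
    fi
}

# report IFACE... -> one summary line per interface
report() {
    for i in "$@"; do
        rp=$(effective_rp_filter "$i")
        case "$rp" in
            0) verdict="source validation off" ;;
            1) verdict="strict: reverse-path failures are dropped" ;;
            2) verdict="loose: dropped only if source is unroutable" ;;
            *) verdict="unknown value" ;;
        esac
        echo "$i rp_filter=$rp log_martians=$(martians_logged "$i") ($verdict)"
    done
}

# Usage on a realserver: sh thisfile tunl0 eth0
if [ "$#" -gt 0 ]; then report "$@"; fi
```

With log_martians enabled, dropped packets show up in the kernel log, which confirms or rules out the martian theory before any filter setting is changed.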
