To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] stuck on LVS-TUN, realservers receiving ipip packet, but not doing anything because it think's it's martian.
From: Vincent Young <nard@xxxxxxx>
Date: Wed, 14 Oct 2009 10:29:15 -0400

Thanks for the quick response Joseph, really appreciate your input.


On 2009-10-14, at 8:32 AM, Joseph Mack NA3T wrote:

> On Wed, 14 Oct 2009, Vincent Young wrote:
>
>> So first things first, I'm trying to get this set up on linode.com.
>
> I assume this means you are trying to run linode.com on an
> LVS.
>

Linode is a VPS hosting company using Xen virtual servers, and I'm
being hosted with them at the moment.


>> and I've been in their IRC channel, and asked if this
>
> I have no idea what "this" is.

I was asking in their IRC channel if people had got an LVS setup going
on their linodes, and I was talking about the problems of my real
server not doing anything with the ipip packet and the martian sources
being logged.


>
>> would work. and one of the official responses on this
>> issue:
>>
>> caker:if packets get rewritten, it's not gonna work
>> [
>> caker:we filter based on source ip and mac, and dest ip and mac
>> [caker:^-- for a given Linode
>
> LVS relies on rewriting packets and works everywhere else
> (almost)
>
>> So I decided to use LVS-TUN.

Linode has the option of deploying your environment in 4 datacenters,
and I figured it would be good to be able to have the flexibility to
connect outside my datacenter when the need should arise.


> why? I don't know what the problem is, so I don't know why
> you'd want LVS-Tun
>
>> Each linode has a public IP on eth0, and an aliased eth0:0
>> private ip address with no gateway.
>
> it's best now not to use aliases. use iproute2 tools. see
> the HOWTO


I'll give that a try, but the documentation I was reading on my linode
said that my Linode only has one virtual ethernet interface - eth0, so
that is why I needed to assign my private ip as an alias on that
interface.
>
>
>> This is where I am not sure if it was the correct approach or not,
>> please correct me.  On the director, I set the VIP to be the same as
>> my eth0 public IP, and on the real servers I created a tunl0 interface
>> that matched the VIP.
>
> yes
>
>> I don't think I needed to add a route, since they
>> both share a common gateway on their public IP's, and they can talk to
>> each other.
>
> LVS-Tun doesn't get you anything over LVS-DR, if all
> machines are on the same network.
>
>> director: cannot ping realserver
>
> you need to fix this. I assume this is your problem.

Ping stopped working once I added the tunl0 device to my realserver with
the following command:
/sbin/ifconfig tunl0 97.107.133.234 netmask 255.255.255.255 broadcast 97.107.133.234


Before I added that, I was able to ping the real server from the
director no problem. Is there something I should be doing to get it to
work?


>
>> or telnet port 80 into realserver eth0 public ip.
>
> this test doesn't tell you anything if you can't ping the
> realserver. After you can ping the realserver, you still
> won't be able to connect to the realserver:VIP:80. Do you
> understand why?

Which is why I used a different client to do my tests. Is the reason  
because I'll just be connecting locally, and not actually go through  
the VIP?


>
>> can ping client.
>
> yes
>
>> realserver: can ping both realserver and client. When I telnet into VIP
>> on port 80, I believe it bypasses the director,
>
> yes
>
>> since tcpdump host
>> 97.107.130.68 on the director showed no activity.
>> client (public ip 99.247.97.70) can ping director and realserver, and
>> can telnet port 80 to real server fine.
>
> yes
>
>> When I telnet to the
>> VIP, client doesn't get a response.
>
> packets aren't getting from the director to the realserver
> (the ping problem).
>
>> conclusion so far:
>> it looks like the ipip packet is reaching the realserver, but want to
>> find out if it's being discarded because it thinks it's a martian
>> source?
>
> if so, turn off blocking martians.

Is this controlled at the router level, or on the realserver? I'm on a
VPS, and don't have access to the physical machines themselves or the
hardware like routers. I just deploy my distro of Linux and ssh in to
customize it. I can then customize it by adding modules to the kernel
like what I had to do (add ip_vs), or use a custom kernel. So in my
case, would I have any control over this?


>
> Joe
>
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
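
[Added example, not part of the original message or of the LVS project.] A realserver-side audit of the reverse-path filter that produces "martian source" drops on a tunnel interface such as tunl0, showing which knob is responsible so filtering can be relaxed on the tunnel only. Assumptions: function names and the CONF_ROOT parameter are hypothetical, and the max(all, interface) rule is that of current kernels (kernels from the time of this thread may differ).

```shell
#!/bin/sh
# CONF_ROOT can point at a constructed directory tree for offline testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print one knob's value, or 0 if the file does not exist.
read_knob() {  # $1 = interface or "all", $2 = knob name
    cat "$CONF_ROOT/$1/$2" 2>/dev/null || echo 0
}

# Assumption (current kernels): effective value = max(conf/all, conf/<iface>).
effective_rp_filter() {  # $1 = interface
    a=$(read_knob all rp_filter); i=$(read_knob "$1" rp_filter)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# strict (1): a decapsulated packet whose source (the client) routes back
# via another interface fails the check and is dropped as a martian.
audit_tunnel() {  # $1 = tunnel interface, e.g. tunl0
    case "$(effective_rp_filter "$1")" in
        0) echo "off" ;;
        2) echo "loose" ;;
        *) echo "strict" ;;
    esac
}

# Name the knob(s) set to 1, so the change can be scoped to the tunnel.
strict_cause() {  # $1 = tunnel interface
    a=$(read_knob all rp_filter); i=$(read_knob "$1" rp_filter)
    cause=""
    [ "$a" -eq 1 ] && cause="all"
    [ "$i" -eq 1 ] && cause="${cause:+$cause,}$1"
    echo "${cause:-none}"
}

report() {  # $1 = tunnel interface
    echo "$1 rp_filter mode: $(audit_tunnel "$1") (set by: $(strict_cause "$1"))"
    echo "log_martians (all): $(read_knob all log_martians)"
    case "$(strict_cause "$1")" in
        *all*) echo "note: lowering conf/all also relaxes every interface;" \
                    "set rp_filter=1 on eth0 explicitly to keep it filtered" ;;
    esac
}

# Run as: sh audit.sh tunl0   (no argument: define the functions only)
if [ $# -gt 0 ]; then report "$1"; fi
```
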

