|
On 2009-10-14, at 10:40 AM, Joseph Mack NA3T wrote:
> On Wed, 14 Oct 2009, Vincent Young wrote:
>
>> Linode is a VPS hosting company using Xen virtual servers, and i'm
>> being hosted with them at the moment.
>
> there are minor wrinkles running LVS under Xen. Look at the
> HOWTO.
Will do this next. Thanks.
>
>>>> So i decided to use LVS-TUN.
>>
>> Linode has the option of deploying your environment in 4 datacenters,
>> and i figured it would be good to be able to have the flexibility to
>> connect outside my datacenter when the need should arise.
>
> make sure you understand the consequences of a packet with
> src_addr=VIP from one datacenter emerging from another
> datacenter. It appears to be a spoofed packet.
>
yep, i'll reread the docs regarding this when i do this.
>> I'll give that a try, But the documentation I was reading on my
>> linode
>> said that my Linode only have one virtual ethernet interface -eth0,
>> so
>> that is why I needed to assign my private ip as an alias on that
>> interface.
>
> iproute2 handles this.
gotcha.
>
>>>> director: cannot ping realserver
>>>
>>> you need to fix this. I assume this is your problem.
>>
>> ping stops working once I added the tunl0 device to my realserver
>> with
>> the following command:
>> /sbin/ifconfig tunl0 97.107.133.234 netmask 255.255.255.255 broadcast
>> 97.107.133.234
>
> ping to the RIP (has to work) or to the VIP (won't work)?
director pinging to the RIP on eth0 does not work. would it be because
the netmask 255.255.255.255 of the tunl0 is interfereing with the RIP
on eth0 which uses mask of 255.255.255.0?
ifconfig on the real server:
eth0 Link encap:Ethernet HWaddr FE:FD:61:6B:82:44
inet addr:97.107.130.68 Bcast:97.107.130.255 Mask:
255.255.255.0
inet6 addr: fe80::fcfd:61ff:fe6b:8244/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15772 errors:0 dropped:0 overruns:0 frame:0
TX packets:1961 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1603668 (1.5 MiB) TX bytes:325301 (317.6 KiB)
eth0:0 Link encap:Ethernet HWaddr FE:FD:61:6B:82:44
inet addr:192.168.134.109 Bcast:192.168.255.255 Mask:
255.255.128.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:586 (586.0 b) TX bytes:586 (586.0 b)
tunl0 Link encap:IPIP Tunnel HWaddr
inet addr:97.107.133.234 Mask:255.255.255.255
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2832 (2.7 KiB) TX bytes:0 (0.0 b)
because of that, i tried to get the director to ping the RIP on eth0:0
192.168.134.109, and it works, and I can telnet to the realserver on
port 80. so next I did the following on the director:
# /sbin/ipvsadm -C
# /sbin/ipvsadm -A -t 97.107.133.234:80 -s rr
# /sbin/ipvsadm -a -t 97.107.133.234:80 -r 192.168.134.109 -i -w 1
so now, on the Client, when I telnet 97.107.133.234:80, it still isnt
able to get anything. when I do tcpdump on the realserver to listen
for the VIP I get the following:
# /usr/sbin/tcpdump -nn host 97.107.133.234
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:42:46.785041 IP 97.107.133.234.80 > 97.107.128.100.18233: S
4199097079:4199097079(0) ack 4011139591 win 5840 <mss 1460>
but I no longer get the martian source logged. but nothing appears in
my http logs.
>
>>
>>
>> before I added that, I'm able to ping the real server from the
>> director no problem. Is there something I should be doing to get it
>> to
>> work?
>>
>>
>>>
>>>> or telnet port 80 into realserver eth0 public ip.
>>>
>>> this test doesn't tell you anything if you can't ping the
>>> realserver. After you can ping the realserver, you still
>>> won't be able to connect to the realserver:VIP:80. Do you
>>> understand why?
>>
>> Which is why I used a different client to do my tests. Is the reason
>> because I'll just be connecting locally, and not actually go through
>> the VIP?
>
> yes
>
>>> if so, turn off blocking martians.
>>
>> Is this controlled at the router level?
>
> on the machine that's seeing the martian.
>
>> or on the realserver? Im on a
>> VPS, and dont have access to the physical machines themselves or the
>> hardware like routers.
>
> a common problem when setting up LVS. If you're doing it all
> in a single Xen, then you'll be routing within the Xen too.
>
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
