Hi all!
I'm trying to set up an LVS system for HTTP with 3 servers, 1 being the
director (I have a previous post for this that went successfully).
The subjects are the servers:
10.1.228.234 (public IP of the director) - has 10.1.228.236 configured
as the VIP (virtual IP), so the HTTP service will be accessible through
this IP and directed to the real servers (RS)
10.1.228.235 RS1 (real server 1 - we used the VS/DR method as they are
cable linked and in the same C class, no router between them) - and it works
great, without problems
10.1.239.163 RS2 (real server 2 - VS/TUN, by encapsulating the packages in
a tunnel since it passes through a router, and this is the way to do it)
we don't want to use the VS/NAT method since is's serving us because of the
performance
We didn't succeed in making it work with VS/NAT, and sincerely we kind of have
a hunch why: it's because we can't solve the ARP problem.
Of course we followed some tutorials on the net that helped us make it work
with the VS/DR method.
Here's what we've found weird, very weird: we've tried to arping the IPs
from each server:
[root@linux 10.1.228.234]# arping 10.1.228.235 < from the director
ARPING 10.1.228.235 from 10.1.228.234 eth0
Unicast reply from 10.1.228.235 [00:24:5D:24:61:AB] 0.550ms
[root@linux 10.1.228.235]# ifconfig eth0 <- as you can see the MAC was the
same, so that's why it's probably working between those
eth0 Link encap:Ethernet HWaddr 00:24:5D:24:61:AB
inet addr:10.1.228.235 Bcast:10.1.228.239 Mask:255.255.255.248
from the external ip
-bash-10.1.239.163 # arping 10.1.228.234
ARPING 10.1.228.234 from 10.1.239.163 eth0 < doesn't match the real mac of
the 10.1.228.234
Unicast reply from 10.1.228.234 [00:0A:F3:82:3A:00] 1.179ms
-bash-10.1.239.163 # arping 10.1.228.235
ARPING 10.1.228.234 from 10.1.239.163 eth0
Unicast reply from 10.1.228.234 [00:0A:F3:82:3A:00] 1.179ms < how can the
reply be from the same MAC as the previous ping??? and it's not even the
real one..
[root@linux 10.1.228.234]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:24:2D:67:30:29
inet addr:10.1.228.234 Bcast:10.1.228.239 Mask:255.255.255.248
so it's an arp problem
we've tried to solve the arp problem with arptables, and with the
here's a tcpdump from the director...
22:30:10.598330 arp who-has 10.1.228.235 tell 10.1.228.234
22:30:10.598355 arp reply 10.1.228.235 is-at 00:24:5D:24:61:ab (oui Unknown)
22:33:34.569821 arp who-has 10.1.239.163 tell 10.1.228.236
22:33:34.570389 arp reply 10.1.239.163 is-at 00:0a:f3:82:3A:00 (oui Unknown)
---------------
here's what we configured
LVS:
ifconfig eth0:0 down
ipvsadm -C
ifconfig eth0:0 10.1.228.236 netmask 255.255.255.255 broadcast 10.1.228.236 up
echo 0 > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t 10.1.228.236:80 -s wlc
ipvsadm -a -t 10.1.228.236:80 -r 10.1.239.163 -i -w 1
Real Server 1
arptables -F
ifconfig tunl0 down
echo 0 > /proc/sys/net/ipv4/ip_forward
modprobe ipip
ifconfig tunl0 0.0.0.0 up
echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
arptables -A IN -d 10.1.228.236 -j DROP
arptables -A OUT -s 10.1.228.236 -o eth0 -j mangle --mangle-ip-s 10.1.239.163
ifconfig tunl0 10.1.228.236 netmask 255.255.255.255 broadcast 10.1.228.236 up
route add -host 10.1.228.236 dev tunl0
--
View this message in context:
http://www.nabble.com/LVS-TUN-wierd-conf..bad-arp-reply-form-the-same-MAC-on-any-IP--tp26097535p26097535.html
Sent from the LVS mailing list archive at Nabble.com.
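
Added example (not part of the original post and not LVS project code): a small Python check that reads the arping and tcpdump replies quoted in the message, compares each replying MAC with the interface MAC that ifconfig reported, and lists any MAC that answers for more than one IP address. The function names and the EXPECTED table are assumptions made for this example; the addresses and MACs are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Reply lines as quoted in the post (arping output and tcpdump ARP replies).
OBSERVED = """\
Unicast reply from 10.1.228.235 [00:24:5D:24:61:AB] 0.550ms
Unicast reply from 10.1.228.234 [00:0A:F3:82:3A:00] 1.179ms
Unicast reply from 10.1.228.234 [00:0A:F3:82:3A:00] 1.179ms
22:30:10.598355 arp reply 10.1.228.235 is-at 00:24:5D:24:61:ab (oui Unknown)
22:33:34.570389 arp reply 10.1.239.163 is-at 00:0a:f3:82:3A:00 (oui Unknown)
"""

# Interface MACs as shown by ifconfig on each host in the post (assumed table name).
EXPECTED = {
    "10.1.228.234": "00:24:2D:67:30:29",
    "10.1.228.235": "00:24:5D:24:61:AB",
}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
PATTERNS = [
    re.compile(rf"Unicast reply from {IP} \[{MAC}\]"),  # arping reply line
    re.compile(rf"arp reply {IP} is-at {MAC}"),         # tcpdump ARP reply line
]

def parse_replies(text):
    """Return the set of (ip, mac) pairs seen, MAC lower-cased for comparison."""
    pairs = set()
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                pairs.add((m.group(1), m.group(2).lower()))
                break
    return pairs

def audit(text, expected):
    """Return (replies whose MAC is not the host's own NIC, MACs answering for several IPs)."""
    pairs = parse_replies(text)
    mismatched = sorted((ip, mac) for ip, mac in pairs
                        if ip in expected and mac != expected[ip].lower())
    by_mac = defaultdict(set)
    for ip, mac in pairs:
        by_mac[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return mismatched, shared

if __name__ == "__main__":
    mismatched, shared = audit(OBSERVED, EXPECTED)
    for ip, mac in mismatched:
        print(f"{ip} answered by {mac}, expected {EXPECTED[ip].lower()}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A MAC that answers for addresses it does not own is what an intermediate device doing proxy ARP looks like on the wire, and it is also the signature of ARP spoofing, so the same comparison works as a monitoring rule.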