Hello,
maybe my question is generally about a Linux network subsystem but
nevertheless, it is related to LVS.
My systems are RHEL5 and I have configured a load balancer-LVS (LB) and 2 real
servers (RS1, RS2) with Apache. I use the DR configuration described in the RedHat
documentation, so the VIP is configured just on the LB. The real servers have just
their real IPs configured, and acceptance of balanced packets is accomplished
by an iptables rule with target REDIRECT:
iptables -t nat -A PREROUTING -p tcp -d <VIP> --dport 80 -j REDIRECT
When the connecting clients are external hosts, it works well. But when the client
is on one of those real servers, it works just partially. For example:
- a client on RS1 connects to VIP -> LB redirects it to RS2 => it works fine
- a client on RS1 connects to VIP -> LB redirects it to RS1 => it doesn't work
When RS1 connects to itself through the VIP, the TCP connection is not established.
Using tcpdump I can see that the SYN packet leaves RS1's interface and immediately
arrives back as it's redirected by the LB. So that looks fine and correct. But when
watching the NAT-prerouting table, the packet doesn't appear there. It seems as if
the packet gets lost somewhere between the input interface and the prerouting hook.
I don't understand ... Can anybody explain that behaviour?
I know this is not the standard usage of LVS and I have read the HOWTO - LVS
clients on Realservers. But the HOWTO discusses a different model, where the real
servers have the VIP configured on their interfaces, so the problems solved there
are different. What I want is to understand what happens in the system.
More info:
- IP addresses in the packet are OK (src=<IP RS1>, dest=<VIP>)
- MAC addresses in the packet are OK (LB swaps src and dest MACs as expected)
- iptables are empty except the NAT-prerouting (VIP=10.1.14.19, RS1=10.1.14.13)
# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
LOG        tcp  --  10.1.14.13           0.0.0.0/0           LOG flags 0 level 7 prefix `testnat-src'
REDIRECT   tcp  --  0.0.0.0/0            10.1.14.19          tcp dpt:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Ondrej
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users