|
Hi,
Been using this setup on at least 4 different installations without this
issue... we have multiple virtual services and use iptables MARK to tag
the packets for each virtual service.
My problem is that when I enable/configure persistence on IPVS the
client gets "connection refused". The same config *without* persistence
works fine.
System:
=======
Kernel: 2.6.29.6-smp (vanilla from Slackware 13.0)
ipvsadm v1.25 2008/5/15 (compiled with popt and IPVS v1.2.1)
iptables v1.4.3.2
iptables:
=========
iptables -L -n -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 MARK xset 0x1/0xffffffff
MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9201 MARK xset 0x1/0xffffffff
MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:9200:9201 MARK xset
0x2/0xffffffff
ipvsadm:
========
ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 1 lc
-> 192.168.22.11:0 Masq 100 0 0
FWM 2 lc
-> 192.168.22.11:0 Masq 100 0 0
IPVS debug when persistence is *ON*:
=====================================
kernel: IPVS: lookup/in TCP 160.124.109.65:43100->192.168.1.1:8080 not hit
kernel: IPVS: lookup/out TCP 160.124.109.65:43100->192.168.1.1:8080 not hit
kernel: IPVS: lookup service: fwm 1 TCP 192.168.1.1:8080 hit
kernel: IPVS: p-schedule: src 160.124.109.65:43100 dest 192.168.1.1:8080
mnet 160.124.109.65
kernel: IPVS: template lookup/in IP 160.124.109.65:0->0.0.0.0:0 not hit
IPVS debug when persistence is *OFF*:
=====================================
kernel: IPVS: lookup/in TCP 160.124.109.65:43098->192.168.1.1:8080 not hit
kernel: IPVS: lookup/out TCP 160.124.109.65:43098->192.168.1.1:8080 not hit
kernel: IPVS: lookup service: fwm 1 TCP 192.168.1.1:8080 hit
kernel: IPVS: ip_vs_rr_schedule(): Scheduling...
kernel: IPVS: RR: server 192.168.22.11:0 activeconns 0 refcnt 3 weight 100
kernel: IPVS: Bind-dest TCP c:160.124.109.65:43098 v:192.168.1.1:8080
d:192.168.22.11:8080 fwd:M s:0 conn->flags:100 conn->refcnt:1
dest->refcnt:4
kernel: IPVS: Schedule fwd:M c:160.124.109.65:43098 v:192.168.1.1:8080
d:192.168.22.11:8080 conn->flags:140 conn->refcnt:2
kernel: IPVS: TCP input [S...] 192.168.22.11:8080->160.124.109.65:43098
state: NONE->SYN_RECV conn->refcnt:2
kernel: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 359
kernel: IPVS: After DNAT: TCP 160.124.109.65:43098->192.168.22.11:8080
kernel: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 411
kernel: IPVS: lookup/out TCP 192.168.22.11:8080->160.124.109.65:43098 hit
kernel: IPVS: After SNAT: TCP 192.168.1.1:8080->160.124.109.65:43098
kernel: IPVS: lookup/in TCP 160.124.109.65:43098->192.168.1.1:8080 hit
kernel: IPVS: TCP input [..A.] 192.168.22.11:8080->160.124.109.65:43098
state: SYN_RECV->ESTABLISHED conn->refcnt:2
kernel: Enter: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 359
kernel: IPVS: After DNAT: TCP 160.124.109.65:43098->192.168.22.11:8080
kernel: Leave: ip_vs_nat_xmit, net/netfilter/ipvs/ip_vs_xmit.c line 411
--
__Deon_______________________________________________
TruTeq Wireless (Pty) Ltd. Tel: +27 12 667 1530
http://www.truteq.co.za Fax: +27 12 667 1531
Timezone: SAST GMT+2
Copyright&Legal: http://truteq.co.za/legal_notice.pdf
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
