Re: [lvs-users] question about LVS

[Ryan Manikowski <ryan@xxxxxxxxxxx>]

On 5/3/2010 10:25 AM, Michiel van Es wrote:
>
>
> -------- Original Message --------
> Subject: Re: [lvs-users] question about LVS
> From: Ryan Manikowski <ryan@xxxxxxxxxxx>
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Date: 05/03/2010 04:19 PM
>
>> On 5/3/2010 9:41 AM, Michiel van Es wrote:
>>> Could it be that server1 isn't working correctly that the LVS DR does
>>> not route traffic to that server?
>>>
>>> It can connect:
>>>
>>> root@vps704:~/scripts# telnet server1.pcintelligence.nl 25
>>> Trying 194.145.200.17...
>>> Connected to server1.pcintelligence.nl.
>>> Escape character is '^]'.
>>> 220 PCIntelligence mailserver 1 - mx1.pcintelligence.nl ESMTP
>>> quit
>>> 221 PCIntelligence mailserver 1 - mx1.pcintelligence.nl
>>> Connection closed by foreign host.
>>>
>>>
>>> But I keep getting forward only to real server2:
>>>
>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>> Connection closed by foreign host.
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> telnet: Unable to connect to remote host: No route to host
>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>> Trying 194.145.200.87...
>>> Connected to 194.145.200.87.
>>> Escape character is '^]'.
>>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>>> quit
>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>> Connection closed by foreign host.
>>>
>>>
>>> And because it is RR, that is perhaps why I get the first time server2
>>> and the 2nd time server1 and I get the telnet: Unable to connect to
>>> remote host: No route to host
>>>
>>> What should I check on server1?
>>> I also tried to change the weight on the LVS DR server from server 1 to
>>> 2 so it would get more hits but no avail:
>>>
>>> I am running this on the LVS server:
>>>
>>> #!/bin/bash
>>> #---------------mini-rc.lvs_dr-director------------------------
>>> #set ip_forward OFF for lvs-dr director (1 on, 0 off)
>>> #(there is no forwarding in the conventional sense for LVS-DR)
>>> cat       /proc/sys/net/ipv4/ip_forward
>>> echo "0">/proc/sys/net/ipv4/ip_forward
>>>
>>> #director is not gw for realservers: leave icmp redirects on
>>> echo 'setting icmp redirects (1 on, 0 off) '
>>> echo "1">/proc/sys/net/ipv4/conf/all/send_redirects
>>> cat       /proc/sys/net/ipv4/conf/all/send_redirects
>>> echo "1">/proc/sys/net/ipv4/conf/default/send_redirects
>>> cat       /proc/sys/net/ipv4/conf/default/send_redirects
>>> echo "1">/proc/sys/net/ipv4/conf/eth0/send_redirects
>>> cat       /proc/sys/net/ipv4/conf/eth0/send_redirects
>>>
>>> #add ethernet device and routing for VIP 194.145.200.87
>>> /sbin/ifconfig eth0:110 194.145.200.87 broadcast 194.145.200.87 netmask
>>> 255.255.255.255
>>> /sbin/route add -host 194.145.200.87 dev eth0:110
>>> #listing ifconfig info for VIP 194.145.200.87
>>> /sbin/ifconfig eth0:110
>>>
>>> #check VIP 194.145.200.87 is reachable from self (director)
>>> /bin/ping -c 1 194.145.200.87
>>> #listing routing info for VIP 194.145.200.87
>>> /bin/netstat -rn
>>>
>>> #setup_ipvsadm_table
>>> #clear ipvsadm table
>>> /sbin/ipvsadm -C
>>> #installing LVS services with ipvsadm
>>> #add smtp to VIP with round robin scheduling
>>> /sbin/ipvsadm -A -t 194.145.200.87:smtp -s rr
>>>
>>> #forward smtp to realserver using direct routing with weight 1
>>> /sbin/ipvsadm -a -t 194.145.200.87:smtp -r 194.145.200.17 -g -w 2
>>> #check realserver reachable from director
>>> ping -c 1 194.145.200.17
>>>
>>> #forward smtp to realserver using direct routing with weight 1
>>> /sbin/ipvsadm -a -t 194.145.200.87:smtp -r 194.145.200.171 -g -w 1
>>> #check realserver reachable from director
>>> ping -c 1 194.145.200.171
>>>
>>> #displaying ipvsadm settings
>>> /sbin/ipvsadm
>>>
>>> #not installing a default gw for LVS_TYPE vs-dr
>>> #---------------mini-rc.lvs_dr-director------------------------
>>>
>>>
>>> And on the real servers:
>>>
>>> #!/bin/bash
>>> #----------mini-rc.lvs_dr-realserver------------------
>>> #installing default gw 192.168.1.254 for vs-dr
>>> #/sbin/route add default gw 192.168.1.254
>>> #showing routing table
>>> /bin/netstat -rn
>>> #checking if DEFAULT_GW 192.168.1.254 is reachable
>>> #ping -c 1 192.168.1.254
>>>
>>> #set_realserver_ip_forwarding to OFF (1 on, 0 off).
>>> echo "0">/proc/sys/net/ipv4/ip_forward
>>> cat       /proc/sys/net/ipv4/ip_forward
>>>
>>> #looking for DIP 192.168.1.9
>>> ping -c 1 194.145.200.86
>>>
>>> #looking for VIP (will be on director)
>>> ping -c 1 194.145.200.87
>>>
>>> #install_realserver_vip
>>> /sbin/ifconfig lo:110 194.145.200.87 broadcast 194.145.200.87 netmask
>>> 0xffffffff up
>>> #ifconfig output
>>> /sbin/ifconfig lo:110
>>> #installing route for VIP 194.145.200.87 on device lo:110
>>> /sbin/route add -host 194.145.200.87 dev lo:110
>>> #listing routing info for VIP 194.145.200.87
>>> /bin/netstat -rn
>>>
>>> #hiding interface lo:110, will not arp
>>> #echo "1">/proc/sys/net/ipv4/conf/all/hidden
>>> #cat       /proc/sys/net/ipv4/conf/all/hidden
>>> #echo "1">/proc/sys/net/ipv4/conf/lo/hidden
>>> #cat       /proc/sys/net/ipv4/conf/lo/hidden
>>> echo 1>  /proc/sys/net/ipv4/conf/eth0/arp_ignore
>>> echo 2>  /proc/sys/net/ipv4/conf/eth0/arp_announce
>>> echo 1>  /proc/sys/net/ipv4/conf/all/arp_ignore
>>> echo 2>  /proc/sys/net/ipv4/conf/all/arp_announce
>>>
>>> #----------mini-rc.lvs_dr-realserver------------------
>>>
>>>
>>> Am I missing something?
>>> I found it awkward it server1 does not give a banner..I think LVS sees
>>> the server up (server1) but something goes wrong with the return
>>> traffic
>>> so that is perhaps why I sometimes get the 'Unable to connect to remote
>>> host: No route to host'
>>>
>>> How can I troubleshoot and confirm this?
>>>
>>> Kind Regards,
>>>
>>> Michiel
>>>
>>> -------- Original Message --------
>>> Subject: Re: [lvs-users] question about LVS
>>> From: Michiel van Es<mve@xxxxxxxxxxxxxxxxx>
>>> To: LinuxVirtualServer.org users mailing list.
>>> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>>> Date: 05/03/2010 02:39 PM
>>>
>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [lvs-users] question about LVS
>>>> From: Michael Schwartzkopff<misch@xxxxxxxxxxx>
>>>> To: LinuxVirtualServer.org users mailing list.
>>>> <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
>>>> Date: 05/03/2010 02:34 PM
>>>>
>>>>
>>>>> Am Montag, 3. Mai 2010 14:31:32 schrieb Michiel van Es:
>>>>>
>>>>>> So to get it right:
>>>>>>
>>>>>> On the director:
>>>>>>     >>>>    net.ipv4.ip_forward = 1
>>>>>>
>>>>>> On the real servers:
>>>>>>     >>>>    net.ipv4.conf.all.arp_ignore = 1
>>>>>>     >>>>    net.ipv4.conf.eth0.arp_ignore = 1
>>>>>>     >>>>    net.ipv4.conf.all.arp_announce = 2
>>>>>>     >>>>    net.ipv4.conf.eth0.arp_announce = 2
>>>>>>
>>>>>> No forwarding on the real servers right?
>>>>>>
>>>>> Correct
>>>>>
>>>> Thanks.
>>>>
>>>> I still got the same results:
>>>>
>>>> I only connect to server2 and never to server1, also 1 of the 2
>>>> times I
>>>> get a 'No route to host':
>>>>
>>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>>> Trying 194.145.200.87...
>>>> Connected to 194.145.200.87.
>>>> Escape character is '^]'.
>>>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>>>> quit
>>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>>> Connection closed by foreign host.
>>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>>> Trying 194.145.200.87...
>>>> telnet: Unable to connect to remote host: No route to host
>>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>>> Trying 194.145.200.87...
>>>> Connected to 194.145.200.87.
>>>> Escape character is '^]'.
>>>> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
>>>> quit
>>>> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
>>>> Connection closed by foreign host.
>>>> michiel@wmichiele:~$ telnet 194.145.200.87 25
>>>> Trying 194.145.200.87...
>>>> telnet: Unable to connect to remote host: No route to host
>>>>
>>>>
<snip>
>>
>> Just curious, can you telnet from 194.145.200.87 to 194.145.200.171:25?
>> Sounds as though the host at .171 is either a) not listening on port 25
>> or b) firewall rules (iptables) are preventing the connection from being
>> established. From experience, both will cause 'no route to host' errors.
>
> Both are working and listening and available from the LVS-DR:
>
> root@vps704:~/scripts# telnet server1.pcintelligence.nl 25
> Trying 194.145.200.17...
> Connected to server1.pcintelligence.nl.
> Escape character is '^]'.
> 220 PCIntelligence mailserver 1 - mx1.pcintelligence.nl ESMTP
> quit
> 221 PCIntelligence mailserver 1 - mx1.pcintelligence.nl
> Connection closed by foreign host.
> root@vps704:~/scripts# telnet server2.pcintelligence.nl 25
> Trying 194.145.200.171...
> Connected to server2.pcintelligence.nl.
> Escape character is '^]'.
> 220 PCIntelligence mailserver 2 - mx2.pcintelligence.nl ESMTP
> quit
> 221 PCIntelligence mailserver 2 - mx2.pcintelligence.nl
> Connection closed by foreign host.
>
> Kind regards,
>
> Michiel
>
>>

What is the output of the 'ipvsadm' command on the director? Please
reply with the output pasted here or on the web (e.g. pastebin).

-- 
         Ryan Manikowski


]] Devision Media Services LLC [[
         www.devision.us
 ryan@xxxxxxxxxxx | 716.771.2282


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users