LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

[lvs-users] IPVS 1.2.1 + Iptables SNAT

from [Victor Sartori] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] IPVS 1.2.1 + Iptables SNAT
From: Victor Sartori <victor@xxxxxxxxxxxxxx>
Date: Fri, 18 Mar 2011 17:45:53 -0300 
Hi guys,

I'll show my structure, then I post my issue....

http://victor.sartori.eti.br/lvs_network.png


The machine LVS-01, receive HTTP connections on port 80 and 443 on IP
192.168.16.6, and balance between two apaches (1.1.1.11 and 1.1.1.12)
The default gateway of this Apache machines is 1.1.1.10 (LVS-01).
192.168.16.137, is a application machine.

On LVS-01, I do a SNAT iptables rule like this:

iptables -t nat -A POSTROUTING -s 1.1.1.12 -o eth1 -j SNAT --to
192.168.16.17
iptables -t nat -A POSTROUTING -s 1.1.1.11 -o eth1 -j SNAT --to
192.168.16.16

I dont forgot of sysctl.conf:
net.ipv4.ip_forward = 1

It works, but, the http conections are very slow, using a sniffer (tcpdump)
i see this:

normal connections

15:27:52.047136 IP 192.168.16.16.57560 > 192.168.16.137.webcache: . ack
26191 win 501 <nop,nop,timestamp 6349575 6352061>
15:27:52.058760 IP 1.1.1.11.57538 > 192.168.16.137.webcache: F 0:0(0) ack 1
win 1045 <nop,nop,timestamp 6349578 6335481>

a lot of wrong connections (IP of LVS Network to "Intranet Network")

15:28:05.270813 IP 1.1.1.11.57549 > 192.168.16.137.webcache: F 0:0(0) ack 1
win 810 <nop,nop,timestamp 6352881 6335731>
15:28:06.045691 IP 192.168.16.137.webcache > 192.168.16.16.57553: F
68963:68963(0) ack 2279 win 81 <nop,nop,timestamp 6355561 6345561>

normal connections again

It is very random.

Things I've done:

Increase the ephemeral ports (on sysctl.conf: net.ipv4.ip_local_port_range =
1024 65535);
Different versions of KeepAlived (now Im using 1.1.19) on CentOS 5.5 and
Debian 5/6 I've used the 1.2.2
Ignore the LVS, putting the apache directly on web, all websites open very
fast.

I need recompile the kernel with special options/modules/patches? My
IPTables rule was wrong?

Thanks!

Victor
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] IPVS 1.2.1 + Iptables SNAT, Victor Sartori <=
Previous by Date:  [lvs-users] Need help with lvs/keepalived, MacBook
Next by Date:  LVS changes in 2.6.38, Simon Horman
Previous by Thread:  [lvs-users] Need help with lvs/keepalived, MacBook
Next by Thread:  LVS changes in 2.6.38, Simon Horman
Indexes:  [Date] [Thread] [Top] [All Lists]