Re: [lvs-users] Another newbie question

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Another newbie question
Cc: Philippe DURU <phduru@xxxxxxxxxxxx>
From: Romain Meillon <r.meillon@xxxxxxxxxxxx>
Date: Thu, 14 Apr 2011 16:39:21 +0200

Ideally, the IPVS should be the default gateway for the real servers,
like a router in outbound and yes, the client, and the IPVS are on
different networks, real server is in a LAN directly plugged to the
IPVS (xen virtual switch, all nodes are VM).

I tried to disable the TCP checksum offload but the issue is the same
in NAT mode.

In DR mode, the connection is established only if I don't use the IPVS
as default gateway, but now I have the same result as NAT...

Perhaps the issue is external from IPVS, but I was unable to find
where.. still searching.

Regards,

2011/4/13 David Coulson <david@xxxxxxxxxxxxxxxx>:
>
>
> On 4/13/11 1:29 PM, Romain Meillon wrote:
>>
>> All tables are in ACCEPT policy on both IPVS and real server until
>> I've done a correct configuration.
>>
>> so, as you advised, I've done this on the real server (and tried many
>> different things) :
>>
>> iptables -t nat -A PREROUTING -p tcp -d <PUB_IP> -j REDIRECT
>
> You don't need that.
>>
>> ifconfig lo:0 <PUB_IP> netmask 255.255.255.255 broadcast <PUB_IP> up
>>
>> echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
>> echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
>> echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
>> echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
>>
>> This on IPVS
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:80 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:80 -r 10.254.0.100:80 -g -w 1
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:25 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:25 -r 10.254.0.100:25 -g -w 1
>>
>> and to have internet connectivity on the real server through the IPVS
>> (perhaps I shouldn't?):
>> iptables -t nat -A POSTROUTING -s 10.254.0.100/24 -j MASQUERADE
>
> Is the IPVS system your network default gateway? If not, you don't need
> that.
>>
>> The connection cannot be established from the client, no packets are
>> back from the IPVS...
>>
>> Here is the tcpdump on the IPVS, it seems that packets go back to the
>> client!:
>>
>> 19:14:37.720321 IP <CLIENT_IP>.62096 > <PUB_IP>.25: Flags [S], seq
>> 1997275050, win 8192, options [mss 1460,nop,nop,sackOK], length 0
>> 19:14:37.720684 IP <PUB_IP>.25 > <CLIENT_IP>62096: Flags [S.], seq
>> 677256198, ack 1997275051, win 5840, options [mss
>> 1460,nop,nop,sackOK], length 0
>
> Why is the syn ack seen at all on the IPVS host? It should go direct from
> the real server to your network default gateway, then to client. Client IP
> in this case is on a different network to both public IP and real server IP?
>
> Have you tested from a client system on the local network?
>



-- 
Romain Meillon
Responsable Technique

ServiTICs
91 rue de Bucarest
13300 Salon de Provence
r.meillon@xxxxxxxxxxxx
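
The check raised in the quoted reply above (in DR mode the SYN-ACK should not be seen on the IPVS host), as an added example that is not part of the original thread: it reads a tcpdump text capture and reports, for each client SYN to the virtual IP, whether the reply came back through the director. It assumes the capture was taken on the director's client-facing interface; the function name, the sample capture and its addresses are constructed for illustration.

```python
import re

# Start of a tcpdump TCP record. Wrapped continuation lines do not match
# and are skipped, so mail-wrapped captures can be pasted in as they are.
RECORD = re.compile(
    r"\d\d:\d\d:\d\d\.\d+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed sample (documentation addresses), wrapped the way mail wraps it.
SAMPLE = """\
19:14:37.720321 IP 203.0.113.7.62096 > 198.51.100.10.25: Flags [S], seq
3000000001, win 8192, options [mss 1460,nop,nop,sackOK], length 0
19:14:37.720684 IP 198.51.100.10.25 > 203.0.113.7.62096: Flags [S.], seq
4000000001, ack 3000000002, win 5840, options [mss 1460], length 0
19:14:40.101500 IP 203.0.113.9.40100 > 198.51.100.10.80: Flags [S], seq
3000000101, win 8192, options [mss 1460], length 0
"""


def classify(capture, vip, mode):
    """Return [(flow, synack_seen_on_director, consistent_with_mode)].

    flow is (client_ip, client_port, vip_port); mode is "dr" or "nat".
    """
    if mode not in ("dr", "nat"):
        raise ValueError("mode must be 'dr' or 'nat'")
    syns, synacks = set(), set()
    for line in capture.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and dst == vip:        # client SYN to the VIP
            syns.add((src, int(sport), int(dport)))
        elif flags == "S." and src == vip:     # SYN-ACK sourced from the VIP
            synacks.add((dst, int(dport), int(sport)))
    results = []
    for flow in sorted(syns):
        seen = flow in synacks
        # DR: replies should bypass the director. NAT: they must return via it.
        # A DR flow with no SYN-ACK here is consistent, not proof of delivery.
        results.append((flow, seen, seen == (mode == "nat")))
    return results


if __name__ == "__main__":
    for flow, seen, ok in classify(SAMPLE, "198.51.100.10", "dr"):
        print(flow, "SYN-ACK on director:", seen, "| consistent with DR:", ok)
```

A flow flagged as inconsistent in DR mode means the real server is routing its replies back through the director, which is the situation questioned in the quoted reply.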
