LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] LVS configuration using pirahna

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS configuration using pirahna
Cc: Reet Vyas <reet.vyas28@xxxxxxxxx>
From: David Coulson <david@xxxxxxxxxxxxxxxx>
Date: Wed, 21 Mar 2012 10:16:24 -0400
Yes, that won't work - If squid is running on lvs router, and pointed at 
vip, it's not going to route via lvs. You can't run a lvs client on the 
lvs router, and in this case squid is the lvs client as it is proxying.

Not really sure i understand your need to use squid. lvs should still 
work even if they are 'different networks' as long as your routing is 
setup properly.

On 3/21/12 10:06 AM, Reet Vyas wrote:
> I have squid on lvs router cause my real servers on diif n/w so add squid
> proxy on lvs and gave real server ip address of my lvs router may be this
> can be reason i cant access my application using VIP..please suggest
>
> On Wed, Mar 21, 2012 at 5:17 PM, David Coulson<david@xxxxxxxxxxxxxxxx>wrote:
>
>> All I see in your tcpdump is ports 22 and 443. Can you only capture the
>> packets related to the LVS connection? You also need to do the capture on
>> the real server, since that is probably where the issue is.
>>
>>
>> On 3/21/12 3:51 AM, Reet Vyas wrote:
>>
>>> Hi I Have reconfigured everything below are the details
>>>
>>> this is my ifconfig
>>>
>>> eth0      Link encap:Ethernet  HWaddr 00:00:E8:F6:74:DA
>>>            inet addr:122.166.233.133  Bcast:122.166.233.255
>>> Mask:255.255.255.0
>>>            inet6 addr: fe80::200:e8ff:fef6:74da/64 Scope:Link
>>>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>            RX packets:94433 errors:0 dropped:0 overruns:0 frame:0
>>>            TX packets:130966 errors:0 dropped:0 overruns:0 carrier:0
>>>            collisions:0 txqueuelen:1000
>>>            RX bytes:9469972 (9.0 MiB)  TX bytes:19929308 (19.0 MiB)
>>>            Interrupt:16 Base address:0x2000
>>>
>>> eth0:1    Link encap:Ethernet  HWaddr 00:00:E8:F6:74:DA
>>>            inet addr:122.166.233.136  Bcast:122.166.233.255
>>> Mask:255.255.255.0
>>>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>            Interrupt:16 Base address:0x2000
>>>
>>> eth1      Link encap:Ethernet  HWaddr 00:E0:20:14:F9:2D
>>>            inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
>>>            inet6 addr: fe80::2e0:20ff:fe14:f92d/64 Scope:Link
>>>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>            RX packets:123718 errors:0 dropped:0 overruns:0 frame:0
>>>            TX packets:148856 errors:0 dropped:0 overruns:0 carrier:0
>>>            collisions:0 txqueuelen:1000
>>>            RX bytes:18738556 (17.8 MiB)  TX bytes:11697153 (11.1 MiB)
>>>            Interrupt:17 Memory:60000400-600004ff
>>>
>>> eth1:1    Link encap:Ethernet  HWaddr 00:E0:20:14:F9:2D
>>>            inet addr:192.168.3.10  Bcast:192.168.3.255  Mask:255.255.255.0
>>>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>            Interrupt:17 Memory:60000400-600004ff
>>>
>>> eth2      Link encap:Ethernet  HWaddr 00:16:76:6E:D1:D2
>>>            UP BROADCAST MULTICAST  MTU:1500  Metric:1
>>>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>            collisions:0 txqueuelen:1000
>>>            RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>>>            Interrupt:21 Base address:0xa500
>>>
>>>
>>>   and ipvsadm -ln command
>>>
>>> IP Virtual Server version 1.2.1 (size=4096)
>>> Prot LocalAddress:Port Scheduler Flags
>>>    ->   RemoteAddress:Port           Forward Weight ActiveConn InActConn
>>> TCP  122.166.233.136:5001 rr
>>> FWM  80 wlc
>>>    ->   192.168.3.2:80               Masq    1      0          0
>>>    ->   192.168.3.3:80               Masq    1      0          0
>>>
>>>
>>>
>>> and tcpdump as u asked for tcpdump -nn
>>>
>>> 13:20:51.719651 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 71072, win 1842, options [nop,nop,TS val 5369796 ecr 15415484],
>>> length 0
>>> 13:20:51.719666 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 76992:77344, ack 49, win 338, options [nop,nop,TS val 15415577 ecr
>>> 5369796], length 352
>>> 13:20:51.723067 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 71424, win 1842, options [nop,nop,TS val 5369799 ecr 15415487],
>>> length 0
>>> 13:20:51.723083 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 77344:77696, ack 49, win 338, options [nop,nop,TS val 15415581 ecr
>>> 5369799], length 352
>>> 13:20:51.727503 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 71776, win 1842, options [nop,nop,TS val 5369804 ecr 15415488],
>>> length 0
>>> 13:20:51.727518 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 77696:78048, ack 49, win 338, options [nop,nop,TS val 15415585 ecr
>>> 5369804], length 352
>>> 13:20:51.729719 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 71984, win 1842, options [nop,nop,TS val 5369806 ecr 15415499],
>>> length 0
>>> 13:20:51.729734 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 78048:78400, ack 49, win 338, options [nop,nop,TS val 15415587 ecr
>>> 5369806], length 352
>>> 13:20:51.730957 IP 180.149.241.196.443>   122.166.233.133.54647: Flags [.],
>>> ack 3204, win 258, options [nop,nop,TS val 8618337 ecr 15415521], length 0
>>> 13:20:51.730985 IP 122.166.233.133.54647>   180.149.241.196.443: Flags
>>> [P.],
>>> seq 3204:4628, ack 631, win 1002, options [nop,nop,TS val 15415589 ecr
>>> 8618337], length 1424
>>> 13:20:51.734903 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 72336, win 1842, options [nop,nop,TS val 5369811 ecr 15415504],
>>> length 0
>>> 13:20:51.734918 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 78400:79120, ack 49, win 338, options [nop,nop,TS val 15415593 ecr
>>> 5369811], length 720
>>> 13:20:51.738592 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 72688, win 1842, options [nop,nop,TS val 5369815 ecr 15415517],
>>> length 0
>>> 13:20:51.738608 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 79120:79472, ack 49, win 338, options [nop,nop,TS val 15415596 ecr
>>> 5369815], length 352
>>> 13:20:51.744741 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [.],
>>> ack 73200, win 1842, options [nop,nop,TS val 5369821 ecr 15415518],
>>> length 0
>>> 13:20:51.744756 IP 122.166.233.133.22>   14.140.226.234.42148: Flags [P.],
>>> seq 79472:79824, ack 49, win 338, options [nop,nop,TS val 15415602 ecr
>>> 5369821], length 352
>>> 13:20:51.748002 IP 180.149.241.196.443>   122.166.233.133.54647: Flags
>>> [P.],
>>> seq 631:678, ack 3204, win 258, options [nop,nop,TS val 8618339 ecr
>>> 15415521], length 47
>>> 13:20:51.748016 IP 122.166.233.133.54647>   180.149.241.196.443: Flags [.],
>>> ack 678, win 1002, options [nop,nop,TS val 15415606 ecr 8618339], length 0
>>> 13:20:51.753389 IP 14.140.226.234.42148>   122.166.233.133.22: Flags [P.],
>>> seq 49:97, ack 73200, win 1842, options [nop,nop,TS val 5369829 ecr
>>> 15415518], length 48
>>>
>>> On Wed, Mar 21, 2012 at 12:43 AM, Enno Gröper<enno+lvs@groeper-**
>>> berlin.de<enno%2Blvs@xxxxxxxxxxxxxxxxx>>wrote:
>>>
>>>   Hi,
>>>> Am 20.03.2012 13:15, schrieb Reet Vyas:
>>>>
>>>>> I did that but still no luck I just want to know wat i am trying to
>>>>> configure is correct or not .. Can i access url from VIP as
>>>>> 192.168.3.10:8080 or not? this is the VIP of my lvs router and it is
>>>>> working with reasl server 192.168.3.2:8080 ..
>>>>>
>>>> Without knowledge about the client, we can't tell. In theory yes, it
>>>> should work (just looking at the lvs configuration).
>>>> For now I simply ignore your second NIC on the LVS node.
>>>> I think you have either a 1-NIC, 2 Network LVS-NAT [1] or a One Network
>>>> LVS-NAT [2]. But only you know that for sure.
>>>> In both cases the LVS configuration is correct, but you still need
>>>> tweaks for your network setup.
>>>> The problem with one-arm LVS nodes is ICMP redirects.
>>>> What happens, if you ping the client from one of your realservers?
>>>> Is there a redirect shown? (Don't know what this looks like on Windows.
>>>> But I assume, Windows ping shows such things, too)
>>>>
>>>> If I'm wrong with my assumption:
>>>> What is your exact setup?
>>>> * IP of client
>>>> * routing table of LVS node
>>>>
>>>> HTH,
>>>> Enno
>>>>
>>>> [1]
>>>>
>>>> http://www.austintek.com/LVS/**LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-**
>>>> NAT.html#lvs_nat_one_network_**two_nic<http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_one_network_two_nic>
>>>> [2]
>>>>
>>>> http://www.austintek.com/LVS/**LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-**
>>>> NAT.html#one_network<http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#one_network>
>>>>
>>>>
>>>> ______________________________**_________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.**org/<http://www.linuxvirtualserver.org/>
>>>>
>>>> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.**org
>>>> Send requests to lvs-users-request@**LinuxVirtualServer.org
>>>> or go to 
>>>> http://lists.graemef.net/**mailman/listinfo/lvs-users<http://lists.graemef.net/mailman/listinfo/lvs-users>
>>>>
>>>>   ______________________________**_________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.**org/<http://www.linuxvirtualserver.org/>
>>>
>>> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.**org
>>> Send requests to lvs-users-request@**LinuxVirtualServer.org
>>> or go to 
>>> http://lists.graemef.net/**mailman/listinfo/lvs-users<http://lists.graemef.net/mailman/listinfo/lvs-users>
>>>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>