Re: [lvs-users] LVS-DR stuck in SYN packets?

[Tiago <sytker@xxxxxxxxx>]

I tried both, but it didn't work.

Maybe my switch/gw is rejecting packets from my realservers directly to
customers because of RPF filter?


2014-03-24 18:03 GMT-03:00 Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>:

> I've never used that method before, I would think you would need to be
> careful with your rp_filter settings?
>
> The ones I know that do work with the DR mode LVS arp problem are:
>
> http://pdfs.loadbalancer.org/quickstartguideLBVMv7.pdf
> Page 30: loopback + arp_ignore sysctl values
>
> or forget the loopback and use just
> Page 29: iptables method
>
>
>
>
> On 24 March 2014 20:57, Tiago <sytker@xxxxxxxxx> wrote:
> > Hi Malcom,
> >
> > Answering:
> >>Is the apache server responding to BOTH the RIP & the VIP? (RIP for
> >>health checks, VIP for load balanced traffic)
> >
> > root@web1:/var/log/apache2# netstat -ntlpd | grep :80
> > tcp        0      0 0.0.0.0:80              0.0.0.0:*
> LISTEN
> >      10159/apache2
> >
> >
> >>And how have you solved the ARP problem for the loopback adapter?
> >
> > As we have completely separate vlans, the traffic which comes to VIP
> > doesn't reach RIP network segment. So, per some instructions I didn't
> take
> > any measure on it, I hope that approach is correct.
> >
> > Basically I have:
> > LVS server:
> >
> > eth1 (vlan 2054) with public IPs
> > eth0 (vlan 1296) with private IPs
> >
> > So I have VIP on top of eth1.
> > And I have an 10.56.213.6 on top of eth0.
> >
> > Real servers:
> > eth1 (vlan 2054) with public IPs
> > eth0 (vlan 1296) with private IPs
> >
> > So I have VIP on lo:0
> > And I have 10.56.213.20 on top of eth0 on realserver 1 and I have
> > 10.56.213.21 on top of eth0 on realserver 2.
> >
> > Thanks
> >
> >
> >
> >
> > 2014-03-24 17:40 GMT-03:00 Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>:
> >
> >> Tiago,
> >>
> >> Is the apache server responding to BOTH the RIP & the VIP? (RIP for
> >> health checks, VIP for load balanced traffic)
> >> And how have you solved the ARP problem for the loopback adapter?
> >>
> >>
> >>
> >> On 24 March 2014 20:00, Tiago <sytker@xxxxxxxxx> wrote:
> >> > Hello all,
> >> >
> >> > I'm trying to setup an LVS-DR here for a couple of webservers. My
> >> scenario
> >> > is:
> >> >
> >> > Eth1 and eth0 are in separated vlans.
> >> >
> >> >    1. My realservers ips: 10.56.213.31-10.56.213.32 at eth0
> >> >    2.
> >> >    3. myrealip** at eth1 (its a public IP)
> >> >    4.
> >> >    5.
> >> >    6. root@lvs1:~# ipvsadm
> >> >    7. IP Virtual Server version 1.2.1 (size=4096)
> >> >    8. Prot LocalAddress:Port Scheduler Flags
> >> >    9.   -> RemoteAddress:Port           Forward Weight ActiveConn
> >> InActConn
> >> >    10. TCP  myrealip**:http wlc
> >> >    11.   -> 10.56.213.31:http            Route   1      0          0
> >> >    12.   -> 10.56.213.32:http            Route   1      0          0
> >> >    13.
> >> >    14. On realservers:
> >> >    15. lo:0      Link encap:Local Loopback
> >> >    16.           inet addr:myrealip**  Mask:255.255.255.255
> >> >    17.           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >> >    18.
> >> >    19. route -n:
> >> >    20. myrealip**  0.0.0.0         255.255.255.255 UH    0      0
> >>  0
> >> >    lo
> >> >    21.
> >> >    22.
> >> >    23. When someone try to access myrealip**:80 I have:
> >> >    24.   -> 10.56.213.31:http            Route   1      0          1
> >> >    25.   -> 10.56.213.32:http            Route   1      0          0
> >> >    26.
> >> >    27. And on realserver 10.56.213.31:
> >> >    28.
> >> >    29. root@web1:/var/log/apache2# tcpdump -ni eth0 host 216.5.78.123
> >> (my
> >> >    source ip)
> >> >    30. tcpdump: WARNING: eth0: no IPv4 address assigned
> >> >    31. tcpdump: verbose output suppressed, use -v or -vv for full
> >> protocol
> >> >    decode
> >> >    32. listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535
> >> >    bytes
> >> >    33. 13:40:35.267880 IP 216.5.78.123.37026 > myrealip**.80: Flags
> [S],
> >> >    seq 2186878409, win 14600, options [mss 1460,sackOK,TS val
> 164050646
> >> ecr
> >> >    0,nop,wscale 7], length 0
> >> >    34. 13:40:36.270371 IP 216.5.78.123.37026 > myrealip**.80: Flags
> [S],
> >> >    seq 2186878409, win 14600, options [mss 1460,sackOK,TS val
> 164051646
> >> ecr
> >> >    0,nop,wscale 7], length 0
> >> >    35. 13:40:38.276806 IP 216.5.78.123.37026 > myrealip**.80: Flags
> [S],
> >> >    seq 2186878409, win 14600, options [mss 1460,sackOK,TS val
> 164053646
> >> ecr
> >> >    0,nop,wscale 7], length 0
> >> >    36. 13:40:42.294667 IP 216.5.78.123.37026 > myrealip**.80: Flags
> [S],
> >> >    seq 2186878409, win 14600, options [mss 1460,sackOK,TS val
> 164057646
> >> ecr
> >> >    0,nop,wscale 7], length 0
> >> >    37. 13:40:50.328756 IP 216.5.78.123.37026 > myrealip**.80: Flags
> [S],
> >> >    seq 2186878409, win 14600, options [mss 1460,sackOK,TS val
> 164065646
> >> ecr
> >> >    0,nop,wscale 7], length 0
> >> >    38.
> >> >    39. But I can't see the answer going back to me in any interface I
> >> have
> >> >    at these realservers. I don't get any HTTP HIT at apache either.
> >> >
> >> > Obviously it seems I'm missing something here, however, I can't see
> >> clearly
> >> > what is it.
> >> >
> >> > Can you help on this?
> >> >
> >> > Thanks in advance!
> >> > _______________________________________________
> >> > Please read the documentation before posting - it's available at:
> >> > http://www.linuxvirtualserver.org/
> >> >
> >> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> >> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> >> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >>
> >>
> >>
> >> --
> >> Regards,
> >>
> >> Malcolm Turnbull.
> >>
> >> Loadbalancer.org Ltd.
> >> Phone: +44 (0)870 443 8779
> >> http://www.loadbalancer.org/
> >>
> >> _______________________________________________
> >> Please read the documentation before posting - it's available at:
> >> http://www.linuxvirtualserver.org/
> >>
> >> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> >> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >>
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> >
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
>
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)870 443 8779
> http://www.loadbalancer.org/
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users