LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] local forwarding issues (keepalived and real server on same

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] local forwarding issues (keepalived and real server on same host)
From: Matthew Richardson <m.richardson@xxxxxxxx>
Date: Mon, 9 May 2016 11:26:15 +0100
Hi,

I've been setting up load balancing using keepalived, and running 2 real
server instances on the same hosts as keepalived.

I'm using a iptables REDIRECT rule in PREROUTING to prevent 'loops'.

It all works fine for all traffic to this cluster from outside, or from
the current MASTER, with traffic being balanced across both servers, and
failover happening as expected.

However, connections from the BACKUP to the VIP seem to timeout 50% of
the time (i.e when the backup tries to route the connections to itself,
rather than passing them to the master). A tcpdump on both servers shows
that the packets are never leaving the backup, and are obviously just
stuck somewhere internal to the backup.

My keepalived config is as follows:

vrrp_instance virtual_ip {
  interface eth0
  state EQUAL
  virtual_router_id 10
  priority 100
  virtual_ipaddress {
    192.168.1.1
  }
  notify /etc/keepalived/prerouting.sh
}

virtual_server 192.168.1.1 25 {
  delay_loop 10
  lvs_sched wlc
  lvs_method DR
  protocol TCP
  real_server 192.168.1.10 25 {
    weight 100
    TCP_CHECK {
      connect_timeout 10
    }
  }
  real_server 192.168.1.20 25 {
    weight 100
    TCP_CHECK {
      connect_timeout 10
    }
  }
}

iptables rule (added to/removed from the backup/master by notify script):

iptables -t nat -A PREROUTING -d 192.168.1.1 -j REDIRECT


Everything looks ok with ipvsadm -l (same on both master and backup):

Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.1:25 wlc
  -> 192.168.1.10:25          Route   100    0          0
  -> 192.168.1.20:25          Route   100    0          0


However, I noticed that the Forward type in both cases is 'Route' while
in older docs I expected to see 'Local' - and after searching found this
thread:

http://www.gossamer-threads.com/lists/lvs/users/25080

However that doesn't really explain what I should be doing with my
keepalived/iptables config to handle this.

I could modify my notify script to 'turn off/on' the ipvs config on
state change (ie ipvsadm save/clear/restore), but this feels a little
bit hacky.

Can anyone please either point out the error in the above config, or
explain the 'new way' of handling local forwarding?

Thanks,

Matthew


-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] local forwarding issues (keepalived and real server on same host), Matthew Richardson <=