
[lvs-users] DR-TUN Issues: Packets become martians on real server

To: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] DR-TUN Issues: Packets become martians on real server
From: "Timothy R. Weiand" <timothy.weiand@xxxxxxxxx>
Date: Fri, 14 Jul 2017 15:13:10 +0000
I am building a DR-TUN configuration to load balance DNS traffic. My issue
is with the real servers: the ipip packet gets unwrapped and appears on the
tunnel interface and becomes a martian. Also, I have not been able to
determine how to bind to the tunnel interface to capture these packets. I
have verified details with tcpdump/dmesg. All my configuration is scripted
to ensure reproducibility. tcpdumps below do not show real DNS traffic;
using netcat to send text.

Much more detail can be supplied, please request it.

Configuration:
==============

- All machines are currently Debian 9 (4.9.30-2+deb9u2)
- Client: 192.168.200.10
- Director: 192.168.200.11
- Real Server: 192.168.200.12
- No VIP: I am using the IP address for my director interface - 192.168.200.11


Director Configuration:
=======================

vagrant@debian-9-lb:~$ sudo ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  192.168.200.11:53 rr
  -> 192.168.200.12:53            Tunnel  1      0          0



Real Server:
============

# modprobe ipip
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ip tunnel add tunl1 mode ipip ttl 32 local 192.168.200.12 remote 192.168.200.11
# ip link set tunl1 up arp off
# echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
# echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
# echo 2 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
# echo 2 > /proc/sys/net/ipv4/conf/tunl1/rp_filter



vagrant@debian-9-dns:~$ sudo tcpdump -e -n -s 0 -i tunl1 -vv
tcpdump: listening on tunl1, link-type RAW (Raw IP), capture size 262144 bytes
10:16:13.919646 ip: (tos 0x0, ttl 64, id 63545, offset 0, flags [DF], proto UDP (17), length 40)
    192.168.200.10.51149 > 192.168.200.11.53: [udp sum ok] 26226 updateMA+ [b2&3=0x6f6d] [27753a] [11619q] [25966n] [29706au][|domain]



If I add an IP address to the interface, the packet never reaches tunl1:

# ip addr add 192.168.200.11/24 brd 192.168.200.11 dev tunl1



Notes:
======

LVS-DR was not an option because the real servers will be in different
subnets (I was able to get LVS-DR working though).



I am looking for advice on how to better understand or resolve this issue.
Or, who would be better to answer this question.



I have grokked as many articles on how to set up this configuration as I can.
And, I have read a good deal of the archives of this mailing list.



Linux distributions I have tried are Debian, Ubuntu and Amazon Linux. This
has been tested on both AWS and VMware Fusion.



------



I have a feeling I am missing something simple...



Thanks!

-Timothy