|
Hello,
On Tue, 29 Aug 2017, Owain Jones wrote:
> Hi,
>
> The packets seem to be dying at the router. As I can see the packets being
> received on the director and the response packets being sent from the real
> server.
>
> One thing I'm thinking of, that I failed to mention earlier, is that the
> router does NAT. I've placed the VIP in the DMZ, so the director should be
> receiving all external packets directly. But the actual machines themselves
> are in the router's LAN and being NAT'ed.
>
> As I'm using LVS-DR, then the only thing that should be being changed in the
> incoming packet is the MAC address, yes? But then, when the real server
> responds, it'll have a different MAC address to the incoming packet because
> it's actually a physically different machine.
>
> So my thought is, could this MAC address mismatch be possibly confusing the
> router's NATting?
The MAC usually does not play. You can also check the state
of conntrack entries in router, if possible. But to be sure that it
is not the router, you can start client connection from some box
on the LAN, then the real server will talk directly with this
client box.
> I guess I could test it by rewriting the MAC address on outgoing packets from
> the real server to have the MAC of the director, so that, from the router's
> perspective, the LVS is entirely transparent.
Almost, Linux 4.10+ decrements the IP TTL field for all
forwarding methods including DR.
> Though surely, that said, the source MAC address on outgoing packets shouldn't
> really matter, I'd have thought.
Yep
Regards
--
Julian Anastasov <ja@xxxxxx>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
