
Re: [lvs-users] Real server not responding back

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Real server not responding back
From: Nick Wilson <vicnickw@xxxxxxxxx>
Date: Tue, 31 Mar 2020 18:47:44 +1100
Thanks for your reply Andrew.


>
> It sounds like the server's responses aren't making it through,
> meaning that a TCP three-way handshake cannot be completed.
>
> What is sitting in front of the real server, and *is it stateful*? A
> router? A firewall?
>
>
There's no firewall in front of the real server while I'm testing LVS.
There should be a router, I'm guessing. As this is a cloud-hosted VM, I checked
with the hosting company, and they've confirmed that their network
equipment is not configured to drop any packets, and tunneling should work
fine.

I'll try it out on a different cloud host like DigitalOcean or Linode to
see if that makes a difference.


> When using a Linux router, I always disable the rp_filter. When using
> a pfSense firewall, I create floating firewall rules to cover all TCP
> flags and 'sloppy state keeping' on the inbound and outbound network
> interfaces.
>
>
rp_filter is disabled (set to zero for all interfaces) on the real server.

> Does the virtual IP address on the real server look 'out of place' in
> the context of the rest of the network? For example, if a router
> expects to see addresses in 10.0.0.0/24 on eth0 and addresses in
> 192.168.0.0/24 on eth1 but it starts seeing traffic from 10.0.0.20
> coming *in* on eth1 (e.g. from a VIP address) then the router may well
> drop the return traffic.
>

Well, on the load balancer VM I've got two IPs - a static public IP bound
to ens3, and another static public IP (virtual IP) bound to ens3:0. Client
requests are made to the virtual IP. The real server has its own static
public IP bound to ens3, and the virtual IP is bound to tunl0 interface.
Load balancer VM and real server VM are located in different data centers,
so they're on different networks, and hence their IPs and gateways are
different. Nothing out of the ordinary is visible on the real server that
could be dropping the packets. Even this cloud hosting company has
confirmed that their network isn't configured to drop packets as such.

Please chime in if anything else comes to mind.

Cheers,

Nick
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
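
An added example, not part of the message above or of the LVS project's tooling: a shell check for the rp_filter setting discussed in the thread, reporting the value the kernel actually applies per interface rather than the per-interface key alone. The sysctl lines in `sample_sysctl` are constructed; only the interface names ens3 and tunl0 come from the thread.

```shell
#!/bin/sh
# Added example: report interfaces whose *effective* rp_filter is non-zero.
# For source validation the kernel uses max(conf.all, conf.<iface>), and an
# interface created later (e.g. tunl0 when ipip is loaded) starts from
# conf.default. Values: 0 = off, 1 = strict, 2 = loose.

# Reads `sysctl -a`-style lines on stdin, prints "<iface> <effective value>".
rp_filter_effective() {
    awk '
    {
        line = $0
        gsub(/[ \t]/, "", line)              # "key = value" -> "key=value"
        if (line !~ /^net\.ipv4\.conf\.[^.]+\.rp_filter=[0-9]+$/) next
        split(line, kv, "=")
        split(kv[1], part, ".")              # part[4] is the interface name
        val[part[4]] = kv[2] + 0
    }
    END {
        all = ("all" in val) ? val["all"] : 0
        for (i in val) {
            if (i == "all" || i == "default") continue
            eff = (val[i] > all) ? val[i] : all
            if (eff != 0) print i, eff
        }
    }' | sort
}

# Constructed sample: every existing interface was set to 0, but
# conf.default stayed at 1, so the later-created tunl0 came up strict.
sample_sysctl() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.ens3.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 1
net.ipv4.conf.ens3.arp_filter = 0
EOF
}

# On a live host: sysctl -a 2>/dev/null | rp_filter_effective
sample_sysctl | rp_filter_effective          # prints: tunl0 1
```

An empty result means no interface is doing reverse-path filtering; a line for tunl0 or ens3 on the real server is worth clearing before looking further upstream.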
