DR and outgoing IP from RS

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: DR and outgoing IP from RS
From: Janno de Wit <jdewit@xxxxxxxxxxxxxx>
Date: Wed, 5 Apr 2006 22:29:54 +0200

Hi List,

I have a problem here:
Setup is LVS-DR for one service:

The packets are directed from outside over the internal network to the
realserver. The realserver has a REDIRECT iptables rule to transparently
catch that service.

Now the following happens:
If the realserver wants to send a packet like e.g. "TCP Dup Ack" to the
client, the packet is sent to eth0 (WAN, this is ok). But the source
address which is chosen is the IP of eth1 (the LAN side, this is a
private IP), and that private IP is not routable.

I think this is more a realserver problem, and not an LVS problem, but
it should be a problem for every LVS-DR setup, I think, and so there
might be users here who have solved this.

Here is a tethereal dump of what happens on the WAN (eth0) side of the
realserver, with its own public address:

# 10.0.0.24 is private IP of rs1

rs1:/# tethereal -i eth0 -f 'src 10.0.0.24'
Capturing on eth0
  0.000000    10.0.0.24 -> <user ip> TCP webcache > 3029 [FIN, ACK] Seq=0 Ack=0 Win=6432 Len=0

I think 10.0.0.24 is chosen because that is the IP of the LAN side,
and iptables REDIRECT then chooses 10.0.0.24 as the DNAT IP.

The problem is that 10.0.0.24 as source address on the WAN is not routable 
to our clients. Connections then seem to be slow (a website is
loaded, only the first half of the page, the rest is waiting till
timeout, because IP-correction packets get somewhere in /dev/null).

Thanks for any response,

Janno.

Janno de Wit
DNA Services B.V.
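
A check for the symptom described in this message, as an added example that is not part of the original post: it reads tethereal summary lines captured on the WAN interface, rejoins wrapped records, and reports packets leaving with an RFC 1918 source address toward a public destination. The sample capture, the client and service addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed capture in the tethereal summary format shown in the post.
# 203.0.113.x stands in for clients and 198.51.100.10 for the public service
# address (both documentation ranges); two records are wrapped, as in the post.
SAMPLE = """\
Capturing on eth0
  0.000000    10.0.0.24 -> 203.0.113.7 TCP webcache > 3029 [FIN, ACK] Seq=0 Ack=0
Win=6432 Len=0
  0.412345 198.51.100.10 -> 203.0.113.7 TCP webcache > 3029 [ACK] Seq=1 Ack=1 Win=6432 Len=1460
  1.003210    10.0.0.24 -> 203.0.113.9 TCP webcache > 4410 [ACK] Seq=0 Ack=0
Win=6432 Len=0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RECORD = re.compile(r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<rest>.*)$")
FLAGS = re.compile(r"\[([A-Z, ]+)\]")

def is_rfc1918(text):
    """True for a private IPv4 address, False for any other address, None if unparseable."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # hostname or redacted address such as "<user ip>"
        return None
    return any(addr in net for net in RFC1918)

def join_wrapped(text):
    """Re-attach continuation lines (those without a timestamp) to their record."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line):
            records.append(line.rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def leaked_private_sources(text):
    """Packets with an RFC 1918 source and a non-private destination, i.e. a
    source address the client on the WAN side cannot route back to."""
    leaks = []
    for rec in join_wrapped(text):
        m = RECORD.match(rec)
        if is_rfc1918(m["src"]) and is_rfc1918(m["dst"]) is False:
            flags = FLAGS.search(m["rest"])
            leaks.append((m["time"], m["src"], m["dst"], flags.group(1) if flags else ""))
    return leaks

if __name__ == "__main__":
    for leak in leaked_private_sources(SAMPLE):
        print("private source on WAN: %s %s -> %s [%s]" % leak)
```

Records whose addresses cannot be parsed, such as the redacted `<user ip>` in the archived output, are skipped rather than guessed at.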
