Hello lvs-users,
I have a problem setting up LVS-TUN across different networks. Before this, I
succeeded in implementing LVS-TUN within the same network. My existing topology is:
Internet --- Router --- PIX Firewall ---- Switch ---- LDirector
|
|
RealServer 1 ... RealServer 3
in LDirector:
OS : FC 5 + ultramonkey
RIP: 192.168.32.5
VIP: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
in Realserver 1:
OS: FC 5
RIP: 192.168.32.9
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
in Realserver 2:
OS: FC 5
RIP: 192.168.32.11
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
in Realserver 3:
OS: FC 5
RIP: 192.168.32.15
TUNL0: 192.168.32.7
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
/etc/ha.d/ldirectord.conf:
checktimeout=10
checkinterval=2
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=yes
virtual=192.168.32.7:25
fallback=127.0.0.1:25
real=192.168.32.9:25 ipip
real=192.168.32.11:25 ipip
real=192.168.32.15:25 ipip
service=smtp
scheduler=wlc
#persistent=600
protocol=tcp
And it works without any problem.
Now I am trying to implement LVS-TUN, but across networks, with a topology like
the one below:
RealServer 1 at ISP A
|
Internet - Router - LDirector
|
RealServer 2 at ISP B
in LDirector:
OS : FC 5 + ultramonkey
RIP: 202.154.0.3
VIP: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1
in Realserver 1 at ISP A:
OS: FC 5
RIP: 219.83.0.7
TUNL0: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
in Realserver 1:
OS: FC 5
RIP: 124.56.9.21
TUNL0: 202.154.0.5
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2
/etc/ha.d/ldirectord.conf:
checktimeout=10
checkinterval=2
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=yes
virtual=202.154.0.5:25
fallback=127.0.0.1:25
real=124.56.9.21:25 ipip
real=219.83.0.7:25 ipip
service=smtp
scheduler=wlc
#persistent=600
protocol=tcp
BUT it doesn't work. All firewalls on all servers (ldirector and realservers) have
been flushed. Mail services on the realservers are running very well (I tested with
telnet to port 25 from outside (from another ISP, to be independent) to the real
IPs, and they respond very well).
But after implementing this, I can't connect to the VIP on the ldirector from
outside (it times out).
I checked ldirectord.log:
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Added virtual server: 202.154.0.5:25
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Added fallback server: 127.0.0.1:25 ( x 202.154.0.5:25) (Weight set to 1)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Quiescent real server: 124.56.9.21:25 ( x 202.154.0.5:25) (Weight set to 0)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Restored real server: 124.56.9.21:25 ( x 202.154.0.5:25) (Weight set to 1)
[Thu Jun 28 09:45:55 2007|ldirectord|2187] Deleted fallback server: 127.0.0.1:25 ( x 202.154.0.5:25)
TCP 202.154.0.5:25 wlc
-> 124.56.9.21:25 Tunnel 1 0 3
-> 219.83.0.7:25 Tunnel 1 0 2
Is it possible that it is blocked at the ISP? How do I check it?
Need your help. Thank you.
--
Best regards,
Kalpin mailto:kalpin@xxxxxxxxxxxxx
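
Added example, not part of the original post and not code from LVS or ldirectord: one way to split the "blocked at the ISP?" question into the two legs of an LVS-TUN path, by classifying raw IPv4 packets captured on a real server's external interface. The function names, the client address and the sample packets are constructed for illustration, and the outer source of the tunnel packet is assumed to be the director's RIP.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IP-in-IP, the encapsulation behind "ipip" in ldirectord.conf
IPPROTO_TCP = 6

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def parse(packet):
    """Return (src, dst, proto, payload) of an IPv4 packet, honouring the IHL field."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:]

def classify(packet, vip, rip):
    """Label one packet seen on the real server's external interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    src, dst, proto, payload = parse(packet)
    if proto == IPPROTO_IPIP:
        # Tunnel leg: outer destination is the RIP, inner destination is the VIP.
        inner_ok = len(payload) >= 20 and parse(payload)[1] == vip
        return "tunnel-in" if dst == rip and inner_ok else "other"
    if src == vip:
        return "reply-out"   # answer sent straight to the client, sourced from the VIP
    return "other"

def diagnose(capture, vip, rip):
    """Say which leg of the LVS-TUN path is failing, given one real server's capture."""
    seen = {classify(p, vip, rip) for p in capture}
    if "tunnel-in" not in seen:
        return "no IPIP for the VIP arrives: protocol 4 is lost before this real server"
    if "reply-out" not in seen:
        return "IPIP arrives but nothing leaves from the VIP: check tunl0 and the service"
    return "replies leave with VIP source: if clients time out, they are dropped upstream"

DIRECTOR, VIP, RIP = "202.154.0.3", "202.154.0.5", "219.83.0.7"   # from the post
CLIENT = "198.51.100.20"                                           # constructed address
syn = ipv4(CLIENT, VIP, IPPROTO_TCP)
SAMPLE = [ipv4(DIRECTOR, RIP, IPPROTO_IPIP, syn), ipv4(VIP, CLIENT, IPPROTO_TCP)]

if __name__ == "__main__":
    print(diagnose(SAMPLE, VIP, RIP))
```

On a live real server the same split can be observed with the tcpdump filters `ip proto 4` and `src host 202.154.0.5`. The third verdict covers the case where the real server's ISP discards packets whose source address (the VIP) is outside its own range.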