LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] Tunnel setup problems

Subject: [lvs-users] Tunnel setup problems
From: aldo@xxxxxxxxxxxxxxxx (Aldo Sarmiento)
Date: Mon, 4 Apr 2016 14:50:55 -0700
Hello,

I'm pretty new to the LVS configuration world, but I hear great things. I
am trying to setup a Director on a separate network than the Real Servers
in a proof of concept scenario.

The Director is on a private subnet & the Real Server will be using a
public IP address. I followed the tutorial at
http://www.ultramonkey.org/papers/lvs_tutorial/html/

Anyhow, the whole config & tcp dumps here:

## LVS Machine
root at lvs01:~# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.20.10.6:80 wlc
  -> 98.191.200.182:80            Tunnel  1      0          4

root at lvs01:~# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1

root at lvs01:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:2d:11:6c
          inet addr:172.20.10.6  Bcast:172.20.10.15  Mask:255.255.255.240
          inet6 addr: 2600:1012:b159:7dc6:a00:27ff:fe2d:116c/64 Scope:Global
          inet6 addr: 2600:1012:b159:7dc6:2580:c3e0:7f22:90c8/64
Scope:Global
          inet6 addr: fe80::a00:27ff:fe2d:116c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:478202 (478.2 KB)  TX bytes:288698 (288.6 KB)
          Interrupt:19 Base address:0xd020

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:142 errors:0 dropped:0 overruns:0 frame:0
          TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11929 (11.9 KB)  TX bytes:11929 (11.9 KB)


## Remote machine (behind router which is doing port forwarding from
98.191.200.182:80 -> 192.168.1.185:80)

root at raspberrypi:/home/pi# ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:ee:84:69
          inet addr:192.168.1.185  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14597 errors:0 dropped:484 overruns:0 frame:0
          TX packets:1797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2921143 (2.7 MiB)  TX bytes:301282 (294.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:447 errors:0 dropped:0 overruns:0 frame:0
          TX packets:447 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:130401 (127.3 KiB)  TX bytes:130401 (127.3 KiB)

tunl0     Link encap:IPIP Tunnel  HWaddr
          inet addr:172.20.10.6  Mask:255.255.255.255
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root at raspberrypi:/home/pi# cat /etc/sysctl.d/20-lvs-destination.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.tunl0.arp_ignore = 1
net.ipv4.conf.tunl0.arp_announce = 2


## TCP dump of LVS Machine when trying to visit 172.20.10.6 via browser

root at lvs01:~# tcpdump -n -i eth0:1 port 80
tcpdump: WARNING: eth0:1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0:1, link-type EN10MB (Ethernet), capture size 65535 bytes

13:05:33.928612 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326362248 ecr 0,sackOK,eol], length 0
13:05:33.928664 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326362248 ecr 0,sackOK,eol], length 0
13:05:34.931978 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326363249 ecr 0,sackOK,eol], length 0
13:05:34.932031 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326363249 ecr 0,sackOK,eol], length 0
13:05:35.935326 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326364249 ecr 0,sackOK,eol], length 0
13:05:35.935376 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326364249 ecr 0,sackOK,eol], length 0
13:05:36.936083 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326365249 ecr 0,sackOK,eol], length 0
13:05:36.936122 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326365249 ecr 0,sackOK,eol], length 0
13:05:37.944178 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326366249 ecr 0,sackOK,eol], length 0
13:05:37.944217 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326366249 ecr 0,sackOK,eol], length 0
13:05:38.950484 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326367249 ecr 0,sackOK,eol], length 0
13:05:38.950524 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326367249 ecr 0,sackOK,eol], length 0
13:05:40.958163 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326369249 ecr 0,sackOK,eol], length 0
13:05:40.958204 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326369249 ecr 0,sackOK,eol], length 0
13:05:44.968782 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326373249 ecr 0,sackOK,eol], length 0
13:05:44.968822 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326373249 ecr 0,sackOK,eol], length 0
13:05:52.987716 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326381249 ecr 0,sackOK,eol], length 0
13:05:52.987755 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326381249 ecr 0,sackOK,eol], length 0
13:06:09.019087 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326397249 ecr 0,sackOK,eol], length 0
13:06:41.105497 IP 172.20.10.2.61642 > 172.20.10.6.80: Flags [S], seq
2628646146, win 65535, options [mss 1460,sackOK,eol], length 0
13:06:41.105539 IP 172.20.10.2.61641 > 172.20.10.6.80: Flags [S], seq
375168773, win 65535, options [mss 1460,sackOK,eol], length 0
13:06:49.683159 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326437805 ecr 0,sackOK,eol], length 0
13:06:49.933186 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326438055 ecr 0,sackOK,eol], length 0
13:06:50.684257 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326438805 ecr 0,sackOK,eol], length 0
13:06:50.934982 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326439055 ecr 0,sackOK,eol], length 0
13:06:51.685122 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326439805 ecr 0,sackOK,eol], length 0
13:06:51.936173 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326440055 ecr 0,sackOK,eol], length 0
13:06:52.687047 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326440805 ecr 0,sackOK,eol], length 0
13:06:52.938955 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326441055 ecr 0,sackOK,eol], length 0
13:06:53.692296 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326441805 ecr 0,sackOK,eol], length 0
13:06:53.944695 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326442055 ecr 0,sackOK,eol], length 0
13:06:54.698199 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326442805 ecr 0,sackOK,eol], length 0
13:06:54.948887 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326443055 ecr 0,sackOK,eol], length 0
13:06:56.712993 IP 172.20.10.2.61658 > 172.20.10.6.80: Flags [S], seq
2615143147, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326444805 ecr 0,sackOK,eol], length 0
13:06:56.964115 IP 172.20.10.2.61659 > 172.20.10.6.80: Flags [S], seq
2439157426, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val
1326445055 ecr 0,sackOK,eol], length 0

*Aldo Sarmiento*

<Prev in Thread] Current Thread [Next in Thread>