Re: [lvs-users] Real server not responding back

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] Real server not responding back
From: Per Jessen <per@xxxxxxxxxxxx>
Date: Mon, 30 Mar 2020 11:22:27 +0200

Nick Wilson wrote:

> Hi,
> 
> I'm trying to get LVS/IPVS to work for my desired configuration, but
> facing a weird problem, most likely due to a simple mistake somewhere.
> 
> For now, I've created one load balancer VM (running Ubuntu 18.04 with
> LVS director 1.28-3) and one real server VM (running Ubuntu 18.04).
> 
> Both the VMs are in different data-centres (different networks), so
> I'm trying to make the load balancer and real server work over IP
> tunneling mode based on this guide:
> https://medium.com/@ppan.brian/ipvs-using-ipip-tunnel-ca180c7f4fd8

FWIW, I have had an LVS on IPIP tunneling setup running for 14-15 years,
currently with some 80 backends, also spread across multiple
datacentres.  

> I've got it working to the point where if a client sends a request to
> load balancer VIP, then it forwards the request to the real server,
> which is running a simple HTTP web server 'python3 -m http.server
> 8000' (has a 'Hello World' index page), but the real server never
> responds back, and the request times out.
> Using tcpdump, I can see the request hitting the director, and then
> hitting the real server, and the real server responding back to the
> client IP with a zero length response (ack?), that goes on for 4-5
> times until timeout. Tunneling seems to be working but the web server
> doesn't intercept and respond to the request. Requesting the real
> server IP directly works fine though.

Wait - you say "hitting the real server, and the real server responding
back to the client IP with a zero length response (ack?)", but
then "but the web server doesn't intercept and respond to the
request" ?  

Dunno if this'll help, but maybe: 
My setup, very briefly -

2 directors, 80 backends.  Each backend is connected via an IPIP tunnel
with a network range 10.0.x.x/30 assigned.  

# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  88.198.198.123:25 wlc
  -> 10.0.1.146:25                Masq    1000   10         13
  -> 10.0.1.142:25                Masq    1000   11         7
  -> 10.0.1.138:25                Masq    1000   11         6
  -> 10.0.1.134:25                Masq    1000   11         4
  -> 10.0.1.130:25                Masq    1000   10         10
[snip]

4: ipip0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 46.4.89.115 peer 88.198.198.125
    inet 10.0.1.146/30 brd 10.0.1.147 scope global ipip0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:2e04:5973/64 scope link
       valid_lft forever preferred_lft forever


I have a separate route table:

# ip route show table fe1only
default via 10.0.1.145 dev ipip0
10.0.1.144/30 dev ipip0 scope link src 10.0.1.146
10.0.2.144/30 dev ipip1 scope link src 10.0.2.146
127.0.0.0/8 dev lo scope link

I direct traffic to use that table by setting an fwmark and using an ip
rule. 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            46.4.89.115          tcp dpt:10031 MARK set 0x14
MARK       tcp  --  10.0.1.144/30        0.0.0.0/0            tcp dpt:25 MARK set 0xa





-- 
Per Jessen, Zürich (1.6°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
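
A small parser for the `ipvsadm -Ln` listing format shown in the message, added here as an example (it is not part of the original post). It groups real servers under each virtual service and reports the forwarding method and connection totals, which is a quick way to confirm whether a director is using Masq or Tunnel for a given backend. The function names and the second (Tunnel) service in the sample are constructed for illustration.

```python
import re
from collections import Counter

# The first service is the listing from the post (truncated to two real
# servers); the second service (Tunnel) is constructed for illustration.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  88.198.198.123:25 wlc
  -> 10.0.1.146:25                Masq    1000   10         13
  -> 10.0.1.142:25                Masq    1000   11         7
TCP  192.0.2.10:80 rr
  -> 198.51.100.7:80              Tunnel  1      0          0
"""

# Virtual service line: protocol, address:port, scheduler.
VIRTUAL = re.compile(r"^(TCP|UDP|SCTP)\s+(\S+):(\d+)\s+(\S+)")
# Real server line: address:port, forward method, weight, active, inactive.
REAL = re.compile(r"^\s+->\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_ipvsadm(text):
    """Return a list of virtual services, each with its real servers."""
    services = []
    for line in text.splitlines():
        m = VIRTUAL.match(line)
        if m:
            services.append({"proto": m[1], "addr": m[2], "port": int(m[3]),
                             "scheduler": m[4], "reals": []})
            continue
        m = REAL.match(line)
        if m and services:  # header and "[snip]" lines match neither pattern
            services[-1]["reals"].append(
                {"addr": m[1], "port": int(m[2]), "forward": m[3],
                 "weight": int(m[4]), "active": int(m[5]), "inactive": int(m[6])})
    return services

def summarize(services):
    """Per virtual service: forwarding methods in use and connection totals."""
    summary = {}
    for s in services:
        reals = s["reals"]
        summary[f'{s["proto"]} {s["addr"]}:{s["port"]}'] = {
            "methods": dict(Counter(r["forward"] for r in reals)),
            "active": sum(r["active"] for r in reals),
            "inactive": sum(r["inactive"] for r in reals)}
    return summary

if __name__ == "__main__":
    for name, info in summarize(parse_ipvsadm(SAMPLE)).items():
        print(name, info)
```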

