
john.donath at xb
Oct 24, 2007, 5:46 AM
[lvs-users] Problem with udp/1812 on a 2-node UltraMonkey style HA cluster
Hi,

I have set up a 2 node HA cluster based on the Streamline High availability and Load Balancing concept. The weird thing is that it works fantastic for tcp/80 but it doesn't work properly for a udp service like radius (udp/1812).

-------------------
Problem description
-------------------

Assume we have both the http and radius service down on the failover director (grind12):

[root[at]grind11 ~]# ipvsadm
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  172.31.1.10:radius rr
  -> 172.31.1.11:radius           Local   1      0          0
TCP  172.31.1.10:http rr persistent 600
  -> 172.31.1.11:http             Local   1      0          0

I now can access the webserver but I don't get any response from the radius service. Here are results from tcpdump on both nodes when a radius request is initiated:

[root[at]grind11 ~]# tcpdump -ni any -p udp and host 83.162.10.97
14:41:10.069858 IP 83.162.10.97.32843 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0xdb length: 65
14:41:10.069891 IP 172.31.1.11.radius > 83.162.10.97.32843: RADIUS, Access Accept (2), id: 0xdb length: 26

As you will note the wrong source address is used !! It's responding with the realnode IP instead of the VIP and that's causing the problem. I am puzzled why this problem does not exist when testing http (tcp/80) as you can see from this:

14:43:53.399206 IP 83.162.10.97.41143 > 172.31.1.10.http: F 553:553(0) ack 268 win 1728 <nop,nop,timestamp 496389562 507325571>
14:43:53.399224 IP 172.31.1.10.http > 83.162.10.97.41143: . ack 554 win 1724 <nop,nop,timestamp 507325582 496389562>

Might this be UDP related?

[root[at]grind12 ~]# tcpdump -ni any -p udp and host 83.162.10.97
** nothing of course **

If I reverse the situation - bringing down both services on the primary director node (grind11) and starting them up on the failover director (grind12) then both services are accessible.

[root[at]grind11 ~]# ipvsadm
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  172.31.1.10:radius rr
  -> 172.31.1.12:radius           Route   1      0          0
TCP  172.31.1.10:http rr persistent 600
  -> 172.31.1.12:http             Route   1      0          0

[root[at]grind11 ~]# tcpdump -ni any -p udp and host 83.162.10.97
11:28:18.604803 IP 83.162.10.97.32841 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0x88 length: 65
11:28:18.604915 IP 83.162.10.97.32841 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0x88 length: 65

[root[at]grind12 ~]# tcpdump -ni any -p udp and host 83.162.10.97
11:28:22.517935 IP 83.162.10.97.32841 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0x88 length: 65
11:28:22.522124 IP 172.31.1.10.radius > 83.162.10.97.32841: RADIUS, Access Accept (2), id: 0x88 length: 26

I have tried all I can think of and I am getting a little desperate now .. -(

Do you gurus have any clue?

------------------------------------
Configuration and topology
------------------------------------

ha.cf
-----
logfacility local0
debug 0
keepalive 2
deadtime 10
warntime 5
initdead 120
udpport 694
ucast eth1 172.31.1.12
ucast eth3 10.0.0.2
auto_failback on
node grind11.graddelt.com
node grind12.graddelt.com
respawn hacluster /usr/lib/heartbeat/ipfail
crm off

haresources
-----------
grind11.graddelt.com \
        ldirectord::ldirectord.cf \
        LVSSyncDaemonSwap::master \
        IPaddr2::172.31.1.10/24/eth1/172.31.1.255

/etc/ha.d/ldirectord.cf

checktimeout=10
checkinterval=2
autoreload=no
logfile="/var/log/ldirectord.log"
quiescent=no

virtual=172.31.1.10:1812
        fallback=127.0.0.1:1812
        real=172.31.1.11:1812 gate
        real=172.31.1.12:1812 gate
        service=radius
        scheduler=rr
        #persistent=600
        protocol=udp
        checktype=negotiate
        login="ldtest[at]xb.nl"
        passwd="ScdCz32v"
        secret="ldtest123"

virtual=172.31.1.10:80
        fallback=127.0.0.1:80
        real=172.31.1.11:80 gate
        real=172.31.1.12:80 gate
        service=http
        scheduler=rr
        persistent=600
        protocol=tcp
        checktype=negotiate
        request="ldtest.html"
        receive="ALIVE"

sysctl
------
[root[at]grind11 ~]# sysctl -a | egrep "(forward|arp)"
net.ipv4.conf.eth3.arp_ignore = 1
net.ipv4.conf.eth3.arp_announce = 2
net.ipv4.conf.eth3.arp_filter = 0
net.ipv4.conf.eth3.proxy_arp = 0
net.ipv4.conf.eth3.mc_forwarding = 0
net.ipv4.conf.eth3.forwarding = 1
net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.eth1.arp_announce = 2
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users[at]LinuxVirtualServer.org
Send requests to lvs-users-request[at]LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
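
Added example, not part of the original post: a check that pairs each RADIUS request in tcpdump text output with its reply and reports replies whose source address is not the address the request was sent to, which is the asymmetry visible in the first capture. The function name and regular expression are assumptions made for illustration; the sample lines are copied from the captures in the post.

```python
import re

# One RADIUS packet line of `tcpdump -n` text output, in the form shown in the post.
LINE = re.compile(
    r"^\S+ IP (?P<src>(?:\d+\.){3}\d+)\.(?P<sport>\w+) > "
    r"(?P<dst>(?:\d+\.){3}\d+)\.(?P<dport>\w+): RADIUS, "
    r"Access (?P<kind>\w+) \(\d+\), id: (?P<id>0x[0-9a-fA-F]+)"
)

# Captures copied from the post: first scenario on grind11, second scenario on grind12.
CAPTURE_LOCAL = """\
14:41:10.069858 IP 83.162.10.97.32843 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0xdb length: 65
14:41:10.069891 IP 172.31.1.11.radius > 83.162.10.97.32843: RADIUS, Access Accept (2), id: 0xdb length: 26
""".splitlines()
CAPTURE_ROUTE = """\
11:28:22.517935 IP 83.162.10.97.32841 > 172.31.1.10.radius: RADIUS, Access Request (1), id: 0x88 length: 65
11:28:22.522124 IP 172.31.1.10.radius > 83.162.10.97.32841: RADIUS, Access Accept (2), id: 0x88 length: 26
""".splitlines()


def mismatched_replies(lines):
    """Return (client, radius_id, expected_src, actual_src) for each reply whose
    source address differs from the destination of the matching request."""
    pending = {}   # (client_ip, client_port, radius_id) -> address the request targeted
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            continue   # not a RADIUS line (prompt, TCP traffic, blank line)
        if m["kind"] == "Request":
            # A retransmitted request simply refreshes the same entry.
            pending[(m["src"], m["sport"], m["id"])] = m["dst"]
            continue
        # Accept/Reject/Challenge: look up the request this reply answers.
        expected = pending.pop((m["dst"], m["dport"], m["id"]), None)
        if expected is not None and m["src"] != expected:
            findings.append((f'{m["dst"]}:{m["dport"]}', m["id"], expected, m["src"]))
    return findings


if __name__ == "__main__":
    for name, cap in (("LocalNode", CAPTURE_LOCAL), ("Route", CAPTURE_ROUTE)):
        print(name, mismatched_replies(cap) or "replies come from the requested address")
```

Replies with no matching request in the capture are ignored, so the check can be run on a capture taken on only one of the two nodes.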