Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux Virtual Server: Users

[lvs-users] LVS-Tun problem

  

 
Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded


johan at allerinternett

Nov 6, 2007, 1:58 AM

Post #1 of 5 (411 views)
Permalink
[lvs-users] LVS-Tun problem
Hi,

This is my first post to this list as I'm trying to setup a simple
LVS-TUN solution. Sorry for this lengthy email but at the moment I'm
kinda stuck..

In my setup I have one director and two clients with the current layout:


+-----------+
| |
| Client |
| |
+-----------+
|
|
| +-----------+
| | |
+-----|Director |
| | |
| +-----------+
|
+-----------------+-----------------+
| |
+-----------+ +-----------+
| | | |
|RS1 | |RS2 |
| | | |
+-----------+ +-----------+


Each server (Director, RS1, RS2) have 2 NICS where eth0 is configured
with a LAN address (172.24.x.x) and eth1 is configured with a public IP
address.
The VIP on the director is configured on eth1:1 and on tunl0 on the real
servers (Ifconfig tunl0 82.117.x.x netmask 255.255.255.255 broadcast
82.117.x.x)

Uname for the servers:
Director: Linux <foobar> 2.6.22.9-server-1mdv #1 SMP
RealServers: Linux <foobar> 2.6.22-6mdv #1 SMP

I've installed keepalived on the director with the following in
keepalived.conf:
global_defs {
notification_email {
johan [at] allerinternett
}
notification_email_from keepalived@.allerinternett.no }
virtual_server 82.117.50.203 23 {
delay_loop 30
lb_algo wrr
lb_kind TUN
persistence_timeout 50
protocol TCP

real_server 82.117.50.153 23 {
weight 1
}
real_server 82.117.50.154 23 {
weight 1
}

}

It's a pretty straightforward setup. I encountered the ARP-problem but
the following in /etc/sysctl.conf seems to have corrected that:

net.ipv4.conf.tunl0.arp_ignore=1
net.ipv4.conf.tunl0.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2

My next problem is when I telnet to the VIP. I get the following message
in /var/log/messages on the real servers:

Nov 6 09:44:25 web4 kernel: martian source 82.117.50.203 from
82.117.50.129, on dev tunl0 Nov 6 09:44:25 web4 kernel: ll header:
45:00:00:44:00:00:40:00:7e:04:f2:6a:52:75:32:c8:52:75:32:99:45:00:00:30:
a8:42:40:00:7e:06:4a:4f:52:75:32:81:52:75:32:cb:e5:2c:00:17:56:08:19:eb:
00:00:00:00:70:02:ff:ff:23:b2:00:00:02:04:05:b4:01:01:04:02:ad:3e:24:10:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:84:91:95:f8:
41:43:41:43:41:43:41:43:41:43:41:42:4f:00:ff:53:4d:42:25:00

>From what I've read (http://www.ssi.bg/~ja/,
http://docs.huihoo.com/hpc-cluster/linux-virtual-server/HOWTO/LVS-HOWTO.
LVS-DR.html#LVS-DR_director_default_gw) I need to patch the kernel but
is this really neccessary?

At this point I'm "stuck" so all feedback is appreciated.

Cheers,

Johan


_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 6, 2007, 5:49 AM

Post #2 of 5 (404 views)
Permalink
Re: [lvs-users] LVS-Tun problem [In reply to]
On Tue, 6 Nov 2007, Grasmo, Johan wrote:

> Hi,
>
> This is my first post to this list as I'm trying to setup a simple
> LVS-TUN solution. Sorry for this lengthy email but at the moment I'm
> kinda stuck..

have you first tested telnet with LVS-DR?

> Each server (Director, RS1, RS2) have 2 NICS where eth0 is configured
> with a LAN address (172.24.x.x) and eth1 is configured with a public IP
> address.

turn off the public IP for the moment, It's irrelevant to
the current problem.

> Nov 6 09:44:25 web4 kernel: martian source 82.117.50.203 from
> 82.117.50.129, on dev tunl0 Nov 6 09:44:25 web4 kernel: ll header:

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html#set_rp_filter

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


johan at allerinternett

Nov 8, 2007, 4:07 AM

Post #3 of 5 (402 views)
Permalink
Re: [lvs-users] LVS-Tun problem [In reply to]
Hi and thanks for your reply.

I've followed your advice and I've tested telnet with LVS-DR. On the
real servers I configured lo:110 and added the following in
/etc/sysctl.conf:

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

None of the real servers ARP's which is good and everything worked
perfectly.

I took the same servers, removed lo and configured tunl0:110 to test
LVS-TUN.

When I telnet from a linux machine I get the same real server. The VIP
address in the arp table is unfortunately the same as one of the real
servers.

When I try a telnet connection from a windows machine I only get a
timeout:

Connecting To 172.24.30.110...Could not open connection to the host, on
port 23: Connect failed

Isn't it sufficient to add the lines in /etc/sysctl.conf or do I have to
patch the kernel (I run 2.6.22 btw)?

Thanks,

Johan
> -----Original Message-----
> From: lvs-users-bounces [at] linuxvirtualserver [mailto:lvs-users-
> bounces [at] linuxvirtualserver] On Behalf Of Joseph Mack NA3T
> Sent: 6. november 2007 14:50
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] LVS-Tun problem
>
> On Tue, 6 Nov 2007, Grasmo, Johan wrote:
>
> > Hi,
> >
> > This is my first post to this list as I'm trying to setup a simple
> > LVS-TUN solution. Sorry for this lengthy email but at the moment I'm
> > kinda stuck..
>
> have you first tested telnet with LVS-DR?
>
> > Each server (Director, RS1, RS2) have 2 NICS where eth0 is
configured
> > with a LAN address (172.24.x.x) and eth1 is configured with a public
IP
> > address.
>
> turn off the public IP for the moment, It's irrelevant to
> the current problem.
>
> > Nov 6 09:44:25 web4 kernel: martian source 82.117.50.203 from
> > 82.117.50.129, on dev tunl0 Nov 6 09:44:25 web4 kernel: ll header:
>
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-
> DR.html#set_rp_filter
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 8, 2007, 4:16 AM

Post #4 of 5 (404 views)
Permalink
Re: [lvs-users] LVS-Tun problem [In reply to]
On Thu, 8 Nov 2007, Grasmo, Johan wrote:

> Hi and thanks for your reply.
>
> I've followed your advice and I've tested telnet with LVS-DR. On the
> real servers I configured lo:110 and added the following in
> /etc/sysctl.conf:
>
> net.ipv4.conf.lo.arp_ignore = 1
> net.ipv4.conf.lo.arp_announce = 2
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
>
> None of the real servers ARP's which is good and everything worked
> perfectly.

great

> I took the same servers, removed lo and configured tunl0:110 to test
> LVS-TUN.
>
> When I telnet from a linux machine I get the same real server. The VIP
> address in the arp table is unfortunately the same as one of the real
> servers.

did you add an entry for tun in the arp_* lines?

> When I try a telnet connection from a windows machine I only get a
> timeout:

forget windows as a client

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jan at bruvoll

Nov 8, 2007, 4:27 AM

Post #5 of 5 (401 views)
Permalink
Re: [lvs-users] LVS-Tun problem [In reply to]
Grasmo, Johan wrote:
> Isn't it sufficient to add the lines in /etc/sysctl.conf or do I have to
> patch the kernel (I run 2.6.22 btw)

Hi,

You will have to enable those changes by /sbin/sysctl -p /etc/sysctl.conf.

It also seems you need to tell the other servers in your local net about
who's handling the VIP - using keepalived or heartbeat would be the easy
way out, but I'm sure utilities such as arping could do the trick.

Best regards
Jan


_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.