steiny at infopoint
May 21, 2009, 8:58 AM
Post #4 of 4
(685 views)
Permalink
|
|
Re: [lvs-users] Struggling for a long time on this
[In reply to]
|
|
Ok, problem solved. One thing I could not figure out how to do, I had
done, but done wrong is to route the packets from the real servers back
to the LVS virtual server. This is NAT, but the same information would
be useful for DR, which I plan to switch to. The real servers were
Windows 2003. There were two NICs on them and I needed to access them
remotely so I needed to have different gateways on the different NIC
cards (one for the internal net and one for the router so I could access
them remotely to set them up). There is a feature of Windows 2003 called
Routing and Remote Access which can be accessed trough the Accessories
submenu. To use this it is necessary to go into Services and shut off
Windows Firewall and disable so it does not start. RRA allows for fine
grained control over ports and IP addresses, so it can be used fine for
firewalling. If you enable RRA, you will be able to set different
default gateways for each card. That way you can use one card for
remote access using remote desktop and another as the internal network.
I set the internal gateway to the internal IP addresss of the local
address of the LVS machine.
Another thing I found confusing and did not see mentioned explicitly
anywhere is that if you are remotely accessing your cluster, the VIP can
be the RIP of the system you are using to set things up (the same IP
address is serving different functions, but it is the same address
nonetheless). Instructions about VIPs other than assuming that you know
what to do, talk of creating a separate IP address tied to eth0:1 or
some such thing. For NAT, at least, this is unnecessary and you can use
the IP address of the Linux server you are using for LVS as your "VIP."
Just be sure not to route ssh to the other servers. You can get into
the other servers using telnet and even on windows you can do quite a
bit using their "shell." If you are doing it the way I did, then there
is one NIC that is for the outside and one NIC that is for the inside.
Use the outside IP address of the NIC as your VIP (the same address you
are sshing to to set it up) and send the packets back to the LVS server
from the Windows systems by setting the gateway to be the IP address of
the inside IP address on the LVS server (by setting the gateway using
RRA). Then it all works as advertised.
-Don
> Hi,
>
> There are countless "how tos" on setting up LVS and I have tried all
> of them with no success. Here's my situation. The boxes live in a data
> center. I have a Linux box with Debian 2.6.26. It has two ports, eth0
> and eth1. The two cards talk to two networks, one starting with 66. and
> going to the outside and the other 172. and going to the inside. Here
> is the result of ifconfig:
>
> eth0 Link encap:Ethernet HWaddr 00:30:48:d2:1d:52
> inet addr:66.135.63.60 Bcast:66.135.63.127 Mask:255.255.255.128
> inet6 addr: fe80::230:48ff:fed2:1d52/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:12324 errors:0 dropped:0 overruns:0 frame:0
> TX packets:9740 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:1163587 (1.1 MiB) TX bytes:991344 (968.1 KiB)
> Memory:d8000000-d8020000
>
> eth1 Link encap:Ethernet HWaddr 00:30:48:d2:1d:53
> inet addr:172.20.4.37 Bcast:172.20.4.63 Mask:255.255.255.224
> inet6 addr: fe80::230:48ff:fed2:1d53/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:42 errors:0 dropped:0 overruns:0 frame:0
> TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:7241 (7.0 KiB) TX bytes:15327 (14.9 KiB)
> Memory:d8200000-d8220000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:22 errors:0 dropped:0 overruns:0 frame:0
> TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1190 (1.1 KiB) TX bytes:1190 (1.1 KiB)
>
> The documentation talks of a VIP and a RIP and sometimes a DIP. I
> arranged for there to be MKS telnet on the Windows machine and I can get
> to it through either the internal or external address. I think that NAT
> will be the simplest and from what I can see, I should be able to enable
> ip_forwarding and then use ipvsadm to create a route from the linux
> machine to the windows machine. I used these commands:
>
> ipvsadm -A -t 66.135.63.60:telnet -s rr
> ipvsadm -a -t 66.135.63.60:telnet -r 172.20.4.38:telnet -m -w 1
>
> and the resulting output of ipvsadm is (60 is server60 and 38 is windows1)
>
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP server060.byteadmin.com:teln rr
> -> windows1:telnet Masq 1 0 0
>
> I can ping and telenet from the linux box (60) to the windows box (38)
> but if I telnet to 60 from a client (my PC at home) it just hangs. Why
> is it not passing the packets through to the Windows machine? How can I
> debug this?
>
> -Don
>
>
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
