dasher at inspiredthinking
Nov 20, 2009, 7:00 AM
Post #1 of 5
(928 views)
Permalink
|
|
[lvs-users] IPVS - Nat Issue
|
|
Hi,
I'm having an issue currently with a setup - and it's probably something
simple that I've missed and not being able to see the wood from the
trees - I'd appreciate any insight about what I've missed.
Issue:
The client connects to the VIP, IPVS picks up the connection on the
public interface(eth0) and shoves it out private interface(eth1) ok but
the packet doesn't reach the realserver (according to tcpdump running
on the realserver).
My best guess is that it's a NAT issue where ipvs isn't rewriting the
source address before it leaves eth1. I'm able to connect from the
director to the realserver and retrieve some content from the service
running on the realserver (lynx 10.177.41.57:80).
The full details of the setup are a little later in this mail - the only
service currently is http(80) but the output from tcpdump on the
director is:
tcpdump -ln port 80 -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
14:22:06.527112 IP 95.17.61.77.51254 > 174.143.146.6.80: Flags [S], seq
114523396, win 5840, options [mss 1452,sackOK,TS val 9033472 ecr
0,nop,wscale 7], length 0
14:22:06.527112 IP 95.17.61.77.51254 > 10.177.41.57.80: Flags [S], seq
114523396, win 5840, options [mss 1452,sackOK,TS val 9033472 ecr
0,nop,wscale 7], length 0
Note:
I've verified the above by having 2 sessions open and specifying the
exact interface with tcpdump -ln port 80 -i eth0 and tcpdump -ln port 80
-i eth1.
Setup Details:
The setup is very simple using LVS-NAT:
[client]
|
{internet}
|
[VIP:174.143.146.6](eth0)Director(eth1)[DIP:10.177.41.56]
|
{Private Lan: DRIP:10.177.41.0/24}
|
[RIP:10.177.41.56](eth1)Realserver
Config Details:
General:
All machines are base ubuntu 9.10 install - and come with the ipvs
modules. ipvsadm was installed using aptitude.
No extra patches or downloads have been applied to ipvs (which might be
the problem).
The servers are vm's running in a hosted environment.
Details & command outputs:
(director) IPVSAdm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 174.143.146.6:80 rr
-> 10.177.41.57:80 Masq 1 0 0
(all servers are the same)Ubuntu 9.10:uname -a
Linux ipvs 2.6.31-302-rs #7 SMP [date] x86_64 GNU/Linux
(director & realserver) IPTables is empty - as far as I understand no
rules are needed for ipvs-nat by default.
(director) iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
(director) iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
(director) sysctl -p
net.ipv4.ip_forward = 1
(realserver) sysctl -p
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
(realserver) The default route is set to be the director DIP
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
