Gerry Reno wrote: > So I wait for a while and let all connections go inactive/timeout then I > reload webpage to VIP and make new connection using ssh to VIP and now > it is showing on MASTER. Not one new entry in logs on either server. So > how can this be? > MASTER: > [EMAIL PROTECTED] keepalived]# ipvsadm -l > IP Virtual Server version 1.2.1 (size=4096) > Prot LocalAddress:Port Scheduler Flags > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > TCP 192.168.1.240:https rr persistent 600 > -> 192.168.1.201:https Route 1 0 0 > -> 192.168.1.200:https Route 1 0 0 > TCP 10.3.0.3:http wlc persistent 600 > TCP 192.168.1.240:http rr persistent 600 > -> 192.168.1.201:http Route 1 1 0 > -> 192.168.1.200:http Route 1 0 0 > TCP 192.168.1.240:ssh rr persistent 600 > -> 192.168.1.201:ssh Route 1 1 0 > -> 192.168.1.200:ssh Route 1 0 0 > > > BACKUP: > [EMAIL PROTECTED] keepalived]# ipvsadm -l > IP Virtual Server version 1.2.1 (size=4096) > Prot LocalAddress:Port Scheduler Flags > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > TCP 192.168.1.240:https rr persistent 600 > -> 192.168.1.201:https Route 1 0 0 > -> 192.168.1.200:https Route 1 0 0 > TCP 192.168.1.240:http rr persistent 600 > -> 192.168.1.201:http Route 1 0 0 > -> 192.168.1.200:http Route 1 0 0 > TCP 192.168.1.240:ssh rr persistent 600 > -> 192.168.1.201:ssh Route 1 0 0 > -> 192.168.1.200:ssh Route 1 0 0 > > Can anyone explain why this is happening. The LVS is working just fine > but the connections aren't always where they should be. > > Gerry > > > So I conduct another test: I restart both the BACKUP keepalived machine and the .201 real server. As you can see above there was no traffic on either of these. They both reboot fine and keepalived starts on the BACKUP and the webserver starts on boot. Now I go back to the original browser and click on an icon in the webapp that is using the VIP and it just times out. Try a reload, still times out. I check the output from ipvsadm:
MASTER: [EMAIL PROTECTED] keepalived]# ipvsadm -l IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.240:https rr persistent 600 -> 192.168.1.201:https Route 1 0 0 -> 192.168.1.200:https Route 1 0 0 TCP 10.3.0.3:http wlc persistent 600 TCP 192.168.1.240:http rr persistent 600 -> 192.168.1.201:http Route 1 0 0 -> 192.168.1.200:http Route 1 0 0 TCP 192.168.1.240:ssh rr persistent 600 -> 192.168.1.201:ssh Route 1 0 0 -> 192.168.1.200:ssh Route 1 0 0 [EMAIL PROTECTED] keepalived]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.240/24 scope global secondary eth0 inet6 fe80::20c:29ff:fea7:c733/64 scope link valid_lft forever preferred_lft forever BACKUP: [EMAIL PROTECTED] ~]# ipvsadm -l IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.240:https rr persistent 600 -> 192.168.1.201:https Route 1 0 0 -> 192.168.1.200:https Route 1 0 0 TCP 192.168.1.240:http rr persistent 600 -> 192.168.1.201:http Route 1 0 1 <------------- it is showing an InActConn although it was showing no connections prior to clicking the icon in the VIP browser. -> 192.168.1.200:http Route 1 0 0 TCP 192.168.1.240:ssh rr persistent 600 -> 192.168.1.201:ssh Route 1 0 0 -> 192.168.1.200:ssh Route 1 0 0 [EMAIL PROTECTED] ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0 inet6 fe80::20c:29ff:fe54:ef09/64 scope link valid_lft forever preferred_lft forever I check the webservers direct access and everything is fine. So finally I recycle keepalived on the MASTER and only then do I regain ability to using the VIP in the browser. So is it necessary to restart keepalived on both servers at the same time? I would like to know how to make LVS reliable even when taking servers down for maintenance. Gerry _______________________________________________ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
