Gerry Reno wrote: > Gerry Reno wrote: > >> So I wait for a while and let all connections go inactive/timeout then I >> reload webpage to VIP and make new connection using ssh to VIP and now >> it is showing on MASTER. Not one new entry in logs on either server. So >> how can this be? >> MASTER: >> [EMAIL PROTECTED] keepalived]# ipvsadm -l >> IP Virtual Server version 1.2.1 (size=4096) >> Prot LocalAddress:Port Scheduler Flags >> -> RemoteAddress:Port Forward Weight ActiveConn InActConn >> TCP 192.168.1.240:https rr persistent 600 >> -> 192.168.1.201:https Route 1 0 0 >> -> 192.168.1.200:https Route 1 0 0 >> TCP 10.3.0.3:http wlc persistent 600 >> TCP 192.168.1.240:http rr persistent 600 >> -> 192.168.1.201:http Route 1 1 0 >> -> 192.168.1.200:http Route 1 0 0 >> TCP 192.168.1.240:ssh rr persistent 600 >> -> 192.168.1.201:ssh Route 1 1 0 >> -> 192.168.1.200:ssh Route 1 0 0 >> >> >> BACKUP: >> [EMAIL PROTECTED] keepalived]# ipvsadm -l >> IP Virtual Server version 1.2.1 (size=4096) >> Prot LocalAddress:Port Scheduler Flags >> -> RemoteAddress:Port Forward Weight ActiveConn InActConn >> TCP 192.168.1.240:https rr persistent 600 >> -> 192.168.1.201:https Route 1 0 0 >> -> 192.168.1.200:https Route 1 0 0 >> TCP 192.168.1.240:http rr persistent 600 >> -> 192.168.1.201:http Route 1 0 0 >> -> 192.168.1.200:http Route 1 0 0 >> TCP 192.168.1.240:ssh rr persistent 600 >> -> 192.168.1.201:ssh Route 1 0 0 >> -> 192.168.1.200:ssh Route 1 0 0 >> >> Can anyone explain why this is happening. The LVS is working just fine >> but the connections aren't always where they should be. >> >> Gerry >> >> >> >> > So I conduct another test: I restart both the BACKUP keepalived machine > and the .201 real server. As you can see above there was no traffic on > either of these. They both reboot fine and keepalived starts on the > BACKUP and the webserver starts on boot. Now I go back to the original > browser and click on an icon in the webapp that is using the VIP and it > just times out. Try a reload, still times out. I check the output from > ipvsadm: > > MASTER: > [EMAIL PROTECTED] keepalived]# ipvsadm -l > IP Virtual Server version 1.2.1 (size=4096) > Prot LocalAddress:Port Scheduler Flags > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > TCP 192.168.1.240:https rr persistent 600 > -> 192.168.1.201:https Route 1 0 0 > -> 192.168.1.200:https Route 1 0 0 > TCP 10.3.0.3:http wlc persistent 600 > TCP 192.168.1.240:http rr persistent 600 > -> 192.168.1.201:http Route 1 0 0 > -> 192.168.1.200:http Route 1 0 0 > TCP 192.168.1.240:ssh rr persistent 600 > -> 192.168.1.201:ssh Route 1 0 0 > -> 192.168.1.200:ssh Route 1 0 0 > [EMAIL PROTECTED] keepalived]# ip addr show > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > qlen 1000 > link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0 > inet 192.168.1.240/24 scope global secondary eth0 > inet6 fe80::20c:29ff:fea7:c733/64 scope link > valid_lft forever preferred_lft forever > > > BACKUP: > [EMAIL PROTECTED] ~]# ipvsadm -l > IP Virtual Server version 1.2.1 (size=4096) > Prot LocalAddress:Port Scheduler Flags > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > TCP 192.168.1.240:https rr persistent 600 > -> 192.168.1.201:https Route 1 0 0 > -> 192.168.1.200:https Route 1 0 0 > TCP 192.168.1.240:http rr persistent 600 > -> 192.168.1.201:http Route 1 0 1 <------------- it is showing an > InActConn although it was showing no connections prior to clicking the > icon in the VIP browser. > -> 192.168.1.200:http Route 1 0 0 > TCP 192.168.1.240:ssh rr persistent 600 > -> 192.168.1.201:ssh Route 1 0 0 > -> 192.168.1.200:ssh Route 1 0 0 > [EMAIL PROTECTED] ~]# ip addr show > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > qlen 1000 > link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0 > inet6 fe80::20c:29ff:fe54:ef09/64 scope link > valid_lft forever preferred_lft forever > > I check the webservers direct access and everything is fine. > > So finally I recycle keepalived on the MASTER and only then do I regain > ability to using the VIP in the browser. > > So is it necessary to restart keepalived on both servers at the same time? > > I would like to know how to make LVS reliable even when taking servers > down for maintenance. > > > Gerry > > > And here is the LVS state after being able to connect using VIP again:
MASTER: [EMAIL PROTECTED] keepalived]# ipvsadm -l IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.240:https rr persistent 600 -> 192.168.1.201:https Route 1 0 0 -> 192.168.1.200:https Route 1 0 0 TCP 10.3.0.3:http wlc persistent 600 TCP 192.168.1.240:http rr persistent 600 -> 192.168.1.201:http Route 1 0 0 -> 192.168.1.200:http Route 1 4 0 TCP 192.168.1.240:ssh rr persistent 600 -> 192.168.1.201:ssh Route 1 0 0 -> 192.168.1.200:ssh Route 1 0 0 [EMAIL PROTECTED] keepalived]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:a7:c7:33 brd ff:ff:ff:ff:ff:ff inet 192.168.1.150/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.240/24 scope global secondary eth0 inet6 fe80::20c:29ff:fea7:c733/64 scope link valid_lft forever preferred_lft forever BACKUP: [EMAIL PROTECTED] ~]# ipvsadm -l IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.240:https rr persistent 600 -> 192.168.1.201:https Route 1 0 0 -> 192.168.1.200:https Route 1 0 0 TCP 192.168.1.240:http rr persistent 600 -> 192.168.1.201:http Route 1 0 0 -> 192.168.1.200:http Route 1 0 0 TCP 192.168.1.240:ssh rr persistent 600 -> 192.168.1.201:ssh Route 1 0 0 -> 192.168.1.200:ssh Route 1 0 0 [EMAIL PROTECTED] ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:54:ef:09 brd ff:ff:ff:ff:ff:ff inet 192.168.1.151/24 brd 192.168.1.255 scope global eth0 inet6 fe80::20c:29ff:fe54:ef09/64 scope link valid_lft forever preferred_lft forever So as you can see the VIP connection was made on the MASTER to RS .200. To reiterate: After rebooting the BACKUP, only when I recycle keepalived on the MASTER, then do I regain ability to using the VIP in the browser. So is it necessary to restart keepalived on both servers at the same time? I would like to know how to make LVS reliable even when taking servers down for maintenance. Gerry _______________________________________________ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
