I tried both, but it didn't work. Maybe my switch/gw is rejecting packets from my realservers directly to customers because of RPF filter?
2014-03-24 18:03 GMT-03:00 Malcolm Turnbull <malc...@loadbalancer.org>: > I've never used that method before, I would think you would need to be > careful with your rp_filter settings? > > The ones I know that do work with the DR mode LVS arp problem are: > > http://pdfs.loadbalancer.org/quickstartguideLBVMv7.pdf > Page 30: loopback + arp_ignore sysctl values > > or forget the loopback and use just > Page 29: iptables method > > > > > On 24 March 2014 20:57, Tiago <syt...@gmail.com> wrote: > > Hi Malcom, > > > > Answering: > >>Is the apache server responding to BOTH the RIP & the VIP? (RIP for > >>health checks, VIP for load balanced traffic) > > > > root@web1:/var/log/apache2# netstat -ntlpd | grep :80 > > tcp 0 0 0.0.0.0:80 0.0.0.0:* > LISTEN > > 10159/apache2 > > > > > >>And how have you solved the ARP problem for the loopback adapter? > > > > As we have completely separate vlans, the traffic which comes to VIP > > doesn't reach RIP network segment. So, per some instructions I didn't > take > > any measure on it, I hope that approach is correct. > > > > Basically I have: > > LVS server: > > > > eth1 (vlan 2054) with public IPs > > eth0 (vlan 1296) with private IPs > > > > So I have VIP on top of eth1. > > And I have an 10.56.213.6 on top of eth0. > > > > Real servers: > > eth1 (vlan 2054) with public IPs > > eth0 (vlan 1296) with private IPs > > > > So I have VIP on lo:0 > > And I have 10.56.213.20 on top of eth0 on realserver 1 and I have > > 10.56.213.21 on top of eth0 on realserver 2. > > > > Thanks > > > > > > > > > > 2014-03-24 17:40 GMT-03:00 Malcolm Turnbull <malc...@loadbalancer.org>: > > > >> Tiago, > >> > >> Is the apache server responding to BOTH the RIP & the VIP? (RIP for > >> health checks, VIP for load balanced traffic) > >> And how have you solved the ARP problem for the loopback adapter? > >> > >> > >> > >> On 24 March 2014 20:00, Tiago <syt...@gmail.com> wrote: > >> > Hello all, > >> > > >> > I'm trying to setup an LVS-DR here for a couple of webservers. My > >> scenario > >> > is: > >> > > >> > Eth1 and eth0 are in separated vlans. > >> > > >> > 1. My realservers ips: 10.56.213.31-10.56.213.32 at eth0 > >> > 2. > >> > 3. myrealip** at eth1 (its a public IP) > >> > 4. > >> > 5. > >> > 6. root@lvs1:~# ipvsadm > >> > 7. IP Virtual Server version 1.2.1 (size=4096) > >> > 8. Prot LocalAddress:Port Scheduler Flags > >> > 9. -> RemoteAddress:Port Forward Weight ActiveConn > >> InActConn > >> > 10. TCP myrealip**:http wlc > >> > 11. -> 10.56.213.31:http Route 1 0 0 > >> > 12. -> 10.56.213.32:http Route 1 0 0 > >> > 13. > >> > 14. On realservers: > >> > 15. lo:0 Link encap:Local Loopback > >> > 16. inet addr:myrealip** Mask:255.255.255.255 > >> > 17. UP LOOPBACK RUNNING MTU:16436 Metric:1 > >> > 18. > >> > 19. route -n: > >> > 20. myrealip** 0.0.0.0 255.255.255.255 UH 0 0 > >> 0 > >> > lo > >> > 21. > >> > 22. > >> > 23. When someone try to access myrealip**:80 I have: > >> > 24. -> 10.56.213.31:http Route 1 0 1 > >> > 25. -> 10.56.213.32:http Route 1 0 0 > >> > 26. > >> > 27. And on realserver 10.56.213.31: > >> > 28. > >> > 29. root@web1:/var/log/apache2# tcpdump -ni eth0 host 216.5.78.123 > >> (my > >> > source ip) > >> > 30. tcpdump: WARNING: eth0: no IPv4 address assigned > >> > 31. tcpdump: verbose output suppressed, use -v or -vv for full > >> protocol > >> > decode > >> > 32. listening on eth0, link-type EN10MB (Ethernet), capture size > 65535 > >> > bytes > >> > 33. 13:40:35.267880 IP 216.5.78.123.37026 > myrealip**.80: Flags > [S], > >> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val > 164050646 > >> ecr > >> > 0,nop,wscale 7], length 0 > >> > 34. 13:40:36.270371 IP 216.5.78.123.37026 > myrealip**.80: Flags > [S], > >> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val > 164051646 > >> ecr > >> > 0,nop,wscale 7], length 0 > >> > 35. 13:40:38.276806 IP 216.5.78.123.37026 > myrealip**.80: Flags > [S], > >> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val > 164053646 > >> ecr > >> > 0,nop,wscale 7], length 0 > >> > 36. 13:40:42.294667 IP 216.5.78.123.37026 > myrealip**.80: Flags > [S], > >> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val > 164057646 > >> ecr > >> > 0,nop,wscale 7], length 0 > >> > 37. 13:40:50.328756 IP 216.5.78.123.37026 > myrealip**.80: Flags > [S], > >> > seq 2186878409, win 14600, options [mss 1460,sackOK,TS val > 164065646 > >> ecr > >> > 0,nop,wscale 7], length 0 > >> > 38. > >> > 39. But I can't see the answer going back to me in any interface I > >> have > >> > at these realservers. I don't get any HTTP HIT at apache either. > >> > > >> > Obviously it seems I'm missing something here, however, I can't see > >> clearly > >> > what is it. > >> > > >> > Can you help on this? > >> > > >> > Thanks in advance! > >> > _______________________________________________ > >> > Please read the documentation before posting - it's available at: > >> > http://www.linuxvirtualserver.org/ > >> > > >> > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > >> > Send requests to lvs-users-requ...@linuxvirtualserver.org > >> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > >> > >> > >> > >> -- > >> Regards, > >> > >> Malcolm Turnbull. > >> > >> Loadbalancer.org Ltd. > >> Phone: +44 (0)870 443 8779 > >> http://www.loadbalancer.org/ > >> > >> _______________________________________________ > >> Please read the documentation before posting - it's available at: > >> http://www.linuxvirtualserver.org/ > >> > >> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > >> Send requests to lvs-users-requ...@linuxvirtualserver.org > >> or go to http://lists.graemef.net/mailman/listinfo/lvs-users > >> > > _______________________________________________ > > Please read the documentation before posting - it's available at: > > http://www.linuxvirtualserver.org/ > > > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > > Send requests to lvs-users-requ...@linuxvirtualserver.org > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > > > > -- > Regards, > > Malcolm Turnbull. > > Loadbalancer.org Ltd. > Phone: +44 (0)870 443 8779 > http://www.loadbalancer.org/ > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
