Hi, all. I'm currently testing a RHEL 6.5 based LVS Director setup for load balancing SSH connections. I've used Debian directors for a number of years, and they've worked great, but for some reason, the RHEL directors aren't acting the way I'm expecting.
Basically I'm seeing two things: - The backup director doesn't seem to be getting the client connection info synchronized - The connection info (eg. the output of "ipvsadm -L -c") doesn't show the connection closing. Instead it stays in "ESTABLISHED" state until it times out. I'm not really sure how to troubleshoot the second issue. So for now, I'm focusing on the first, the one about the connection sync problem. I did capture the packets between the two directors, using tcpdump, and when I open the capture file in wireshark, I see "Connection Count: 0". When I do a similar capture on my working Debian directors, I see non-zero connection count, and the details of the specific connections, in the wireshark analysis. Any thoughts here? How do I go about finding the problem here? Should I be looking at kernel code? ipvsadm code? I'm using keepalived to manage this, so I'll include that .conf file here, as well as example capture files from my working Debian setup, and the non-working RHEL test setup. Note that the packet captures also include the VRRP sync packets, but they can be ignored. Both directors are basically stock RHEL 6.5, running kernel 2.6.32-431.17.1.el6.x86_64, keepalived-1.2.7, and ipvsadm-1.25. If anyone can point me in the right direction on how to diagnose this, I'd appreciate it. Thanks, -- Lloyd Brown Systems Administrator Fulton Supercomputing Lab Brigham Young University http://marylou.byu.edu
rhel_testing_logindr_sync_no_connections.pcap
Description: application/vnd.tcpdump.pcap
debian_logindr_production_connectionsync.pcap
Description: application/vnd.tcpdump.pcap
! Configuration File for keepalived global_defs { notification_email { OBSCURED_EMAIL } smtp_server OBSCURED_SMTP_SERVER_IP smtp_connect_timeout 30 router_id logindrtest } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 20 priority 100 advert_int 1 authentication { auth_type PASS auth_pass OBSCURED_AUTH_PASSWORD } virtual_ipaddress { 192.168.25.8 192.168.25.12 } smtp_alert nopreempt #debug lvs_sync_daemon_interface eth0 } ##virtual_server 192.168.25.8 22 { #virtual_server fwmark 120 { # delay_loop 30 # lb_algo rr # lb_kind DR # protocol TCP # real_server 192.168.25.9 22 { # weight 1 # MISC_CHECK { # misc_path "/usr/local/sbin/sshcheck.pl 192.168.25.9" # misc_dynamic # } # } # real_server 192.168.25.10 22 { # weight 1 # MISC_CHECK { # misc_path "/usr/local/sbin/sshcheck.pl 192.168.25.10" # misc_dynamic # } # } # #} # virtual_server 192.168.25.12 22 { delay_loop 30 lb_algo rr lb_kind DR protocol TCP real_server 192.168.25.11 22 { weight 1 MISC_CHECK { misc_path "/usr/local/sbin/sshcheck.pl 192.168.25.11" misc_dynamic } } }
_______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users