> -----Original Message----- > From: lvs-users-boun...@linuxvirtualserver.org > [mailto:lvs-users-boun...@linuxvirtualserver.org] On Behalf > Of Lloyd Brown > Sent: Tuesday, July 29, 2014 12:58 AM > To: lvs-users@linuxvirtualserver.org > Subject: [lvs-users] TCP Connection Sync Problems RHEL > > Hi, all. > > I'm currently testing a RHEL 6.5 based LVS Director setup for > load balancing SSH connections. I've used Debian directors > for a number of years, and they've worked great, but for some > reason, the RHEL directors aren't acting the way I'm expecting. > > Basically I'm seeing two things: > - The backup director doesn't seem to be getting the client > connection info synchronized > - The connection info (eg. the output of "ipvsadm -L -c") > doesn't show the connection closing. Instead it stays in > "ESTABLISHED" state until it times out. > > I'm not really sure how to troubleshoot the second issue. So > for now, I'm focusing on the first, the one about the > connection sync problem. I did capture the packets between > the two directors, using tcpdump, and when I open the capture > file in wireshark, I see "Connection Count: 0". > When I do a similar capture on my working Debian directors, > I see non-zero connection count, and the details of the > specific connections, in the wireshark analysis. > > Any thoughts here? How do I go about finding the problem > here? Should I be looking at kernel code? ipvsadm code? > > I'm using keepalived to manage this, so I'll include that > .conf file here, as well as example capture files from my > working Debian setup, and the non-working RHEL test setup. > Note that the packet captures also include the VRRP sync > packets, but they can be ignored. > > Both directors are basically stock RHEL 6.5, running kernel > 2.6.32-431.17.1.el6.x86_64, keepalived-1.2.7, and ipvsadm-1.25. > > If anyone can point me in the right direction on how to > diagnose this, I'd appreciate it. > > Thanks, >
Hi Lloyd, do you have disables SELinux for the RHEL hosts? By the way: also set the firewall to accept all (later if all is working you should set up a firewall of cause) I wich way you communicate the keepalived between the two directors? Over Ethernet or serial cable? best regards Frank mfg Frank Kirschner ============================== Frank Kirschner IT Services Celebrate Records GmbH Am Birkenwaeldchen 2 09366 Stollberg Germany mail: fr...@celebrate.de web: www.celebrate.de fon: +49 37296 9201 60 fax: +49 37296 9201 75 CEO: Carsten Haupt USt ID: DE 812 617 147 Registered at Country Court Chemnitz HRB ID: 16308 ------------------------------ PGP-Key is available at pgp.mit.edu ------------------------------ _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users