I went and established a ssh connection to my VIP and I also started a
web session to my VIP but when I look for connections on MASTER I do not
see them. Instead I see connections on BACKUP. Here is some output:
MASTER:
[EMAIL PROTECTED] keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1
Gerry Reno wrote:
> I went and established a ssh connection to my VIP and I also started a
> web session to my VIP but when I look for connections on MASTER I do not
> see them. Instead I see connections on BACKUP. Here is some output:
>
> MASTER:
> [EMAIL PROTECTED] keepalived]# ipvsadm -l
> I
Gerry Reno wrote:
> I went and established a ssh connection to my VIP and I also started a
> web session to my VIP but when I look for connections on MASTER I do not
> see them. Instead I see connections on BACKUP. Here is some output:
>
> MASTER:
> [EMAIL PROTECTED] keepalived]# ipvsadm -l
> I
Gerry Reno wrote:
> So I wait for a while and let all connections go inactive/timeout then I
> reload webpage to VIP and make new connection using ssh to VIP and now
> it is showing on MASTER. Not one new entry in logs on either server. So
> how can this be?
> MASTER:
> [EMAIL PROTECTED] keepaliv
Gerry Reno wrote:
> Gerry Reno wrote:
>
>> So I wait for a while and let all connections go inactive/timeout then I
>> reload webpage to VIP and make new connection using ssh to VIP and now
>> it is showing on MASTER. Not one new entry in logs on either server. So
>> how can this be?
>> MASTER
Gerry
On Thu, 2007-08-02 at 14:49 -0400, Gerry Reno wrote:
> I would like to know how to make LVS reliable even when taking servers
> down for maintenance.
I think you need to back up a bit and take stock.
Firstly, keepalived is not LVS. It's a combined VRRP implementation,
healthcheck subsyste
On Thu, 2007-08-02 at 20:26 +0100, Graeme Fowler wrote:
> For now, that'll do. We'll move onto LVS when you have keepalived/VRRP
> behaving as you want it to.
also remind us what topology this is - NAT or DR?
Graeme
___
LinuxVirtualServer.org mailing
Graeme Fowler wrote:
> Gerry
>
> On Thu, 2007-08-02 at 14:49 -0400, Gerry Reno wrote:
>> I would like to know how to make LVS reliable even when taking servers
>> down for maintenance.
>
> I think you need to back up a bit and take stock.
>
> Firstly, keepalived is not LVS. It's a combined VRRP im
Hi Gerry
On Thu, 2007-08-02 at 16:24 -0400, Gerry Reno wrote:
> This is all LVS-DR and I admit I am no network expert. But I do think I
> understand the basic concepts of how LVS functions. So here goes at some
> basic information of my setup:
>
> FIREWALLS: both MASTER and BACKUP are identical
Forgot this:
ROUTING TABLE: shows same on MASTER, BACKUP and all RS
[EMAIL PROTECTED] ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
Graeme Fowler wrote:
> Hi Gerry
>
> On Thu, 2007-08-02 at 16:24 -0400, Gerry Reno wrote:
>
>> This is all LVS-DR and I admit I am no network expert. But I do think I
>> understand the basic concepts of how LVS functions. So here goes at some
>> basic information of my setup:
>>
>> FIREWALLS: b
Gerry Reno wrote:
> The rest of this setup is working fine except that you cannot reliably
> tell where the connections are.
>
And you have to restart both directors not just one in order to get
reliable connections.
Gerry
___
LinuxVirtualServer
On Thu, 2007-08-02 at 17:10 -0400, Gerry Reno wrote:
> No. Directors and Real Servers are separate machines.
Right, got that, In that case once the realservers are setup, just leave
them alone. Their config is the same regardless of the active director.
> While working through the HOWTO it explai
On Thu, 2007-08-02 at 17:18 -0400, Gerry Reno wrote:
> And you have to restart both directors not just one in order to get
> reliable connections.
See my closing comments on the reply to your previous message.
Graeme
___
LinuxVirtualServer.org mailin
Graeme Fowler wrote:
> On Thu, 2007-08-02 at 17:10 -0400, Gerry Reno wrote:
>
>> No. Directors and Real Servers are separate machines.
>>
>
> Right, got that, In that case once the realservers are setup, just leave
> them alone. Their config is the same regardless of the active director.
>
On Thu, 2 Aug 2007, Gerry Reno wrote:
Gerry,
You had about 80 lines posted above from 3 levels of
posting. If some of this is not needed for this question,
can you edit it out?
>> Because the client has ended the TCP connection. Remember: *blink*.
>>
> So they would not even be shown a
On Fri, 3 Aug 2007, Graeme Fowler wrote:
> It won't hurt you to ping the router (the RS default gateway) from the
> VIP on transition, even if the router does handle GARP. At least you'll
> know that it knows, IYSWIM.
>
> ping -c3 -I $VIP $GW
send_arp.c (mentioned in the HOWTO) does the same thin
On Thu, 2007-08-02 at 17:43 -0400, Gerry Reno wrote:
> So they would not even be shown as InActConn, right?
No. Closed connections are neither active nor inactive, they're closed.
For LVS-NAT the director sees the whole transaction, so it knows that a
connection has been opened/is active/is closi
Joseph Mack NA3T wrote:
> If some of this is not needed for this question,
> can you edit it out?
>
Sure thing.
Gerry
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go to http://list
Graeme Fowler wrote:
> ping -c3 -I $VIP $GW
>
This command hangs for me unless I add -w 3 to deadline it.
Also, F7 is giving an avc denial when I try to run it in a notify
script. Darn SELinux; I like it until it does this type of thing. I
opened a bug on F7 for this. Something about denied a
Here is a scenario that is presenting inconsistent results:
Both directors started and running normally handling VIP connections.
Users have been working in webapps but they are idle for a while and
connections have gone past persistent time.
ipvsadm -l on both directors shows no connections. (t
On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote:
> Graeme Fowler wrote:
> > ping -c3 -I $VIP $GW
> >
> This command hangs for me unless I add -w 3 to deadline it.
That sounds like your router is dropping ICMP from your directors, then.
I'd expect it to take 3 seconds to return, like so:
[E
Graeme Fowler wrote:
> On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote:
>
>> Also, F7 is giving an avc denial when I try to run it in a notify
>> script. Darn SELinux; I like it until it does this type of thing. I
>> opened a bug on F7 for this. Something about denied access to ip socket.
23 matches
Mail list logo
