Setting up a lvs-tun working...

Malcolm Turnbull malcolm at loadbalancer.org
Tue Aug 10 16:14:43 BST 2004


Mathieu,

QPQ. Then that is your problem :-)

That will only work if you've patched the real servers kernel, either 
patch the kernel or use the iptables redirect method.


Regards,

Malcolm Turnbull.

Loadbalancer.org Limited
+44 (0)7715 770523
http://www.loadbalancer.org/


 " When a single point of failure is not an option"

Why not try our online demonstration 
<http://www.loadbalancer.org/demo.html> ? Or get answers to common 
questions <http://www.loadbalancer.org/fud.html> ?



Mathieu Collas wrote:

>I tried to use that :
>
>
>echo 2 >/proc/sys/net/ipv4/conf/all/arp_ignore
>echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
>echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_ignore
>echo 2 >/proc/sys/net/ipv4/conf/tunl0/arp_announce
>
>
>but this seems to has no effect...
>
>
>
>
>
>
>----- Original Message ----- 
>From: "Malcolm Turnbull" <malcolm at loadbalancer.org>
>To: "LinuxVirtualServer.org users mailing list."
><lvs-users at LinuxVirtualServer.org>
>Sent: Tuesday, August 10, 2004 5:02 PM
>Subject: Re: Setting up a lvs-tun working...
>
>
>  
>
>>Mathieu,
>>
>>How are you handling the ARP problem on the real server ?
>>Hidden interface patch or iptables redirect ?
>>
>>
>>Regards,
>>
>>Malcolm Turnbull.
>>
>>Loadbalancer.org Limited
>>+44 (0)7715 770523
>>http://www.loadbalancer.org/
>>
>>
>> " When a single point of failure is not an option"
>>
>>Why not try our online demonstration
>><http://www.loadbalancer.org/demo.html> ? Or get answers to common
>>questions <http://www.loadbalancer.org/fud.html> ?
>>
>>
>>
>>Mathieu Collas wrote:
>>
>>    
>>
>>>Hello
>>>
>>>Thank you for your reply :)
>>>
>>>I tried to setup the free versions (nat, dr and tun), and none of the 3
>>>work...
>>>
>>>My goal is to make a tun version work, but as i failed to set it up, i
>>>      
>>>
>tried
>  
>
>>>to make a DR version, and then a nat version.... for the 3 version, i
>>>      
>>>
>block
>  
>
>>>at the same state, the connection is received by the realserver, but no
>>>reply arrive to the client...
>>>
>>>
>>>Some explanations :
>>>
>>>I have 2 box, 1 NIC on each box in a datacenter (i have no acces). 1
>>>      
>>>
>public
>  
>
>>>IP per box, and no VIP.
>>>
>>>Here are the command i tried for the tun version :
>>>
>>>INFOs :
>>>IP of the director 213.186.56.124
>>>IP of the realserver : 213.186.58.33
>>>
>>>Tunnel :
>>>   IP of the director 192.168.129.1
>>>   IP of the realserver 192.168.129.100
>>>
>>>VIP 192.168.129.66
>>>
>>>
>>>
>>># director :
>>>------------
>>>
>>>echo 0 >/proc/sys/net/ipv4/ip_forward
>>>
>>>echo 1 >/proc/sys/net/ipv4/conf/all/send_redirects
>>>echo 1 >/proc/sys/net/ipv4/conf/default/send_redirects
>>>echo 1 >/proc/sys/net/ipv4/conf/eth0/send_redirects
>>>
>>>
>>>ip tunnel add mode ipip tunl1 local 213.186.56.124 remote 213.186.58.33
>>>ip addr add dev tunl1 local 192.168.129.1 peer 192.168.129.100
>>>ip link set tunl1 up
>>>
>>>ifconfig eth0:66 192.168.129.66 broadcast 192.168.129.66 netmask
>>>255.255.255.255
>>>route add -host 192.168.126.66 dev eth0:66
>>>
>>>
>>>ipvsadm -A -t 192.168.129.66:23
>>>ipvsadm -a -t 192.168.129.66:23 -r 192.168.129.100:23 -i
>>>
>>># to send traffic to the VIP
>>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 23 -j
>>>DNAT --to-destination 192.168.129.66
>>>
>>>
>>>
>>>
>>># realserver :
>>>--------------
>>>
>>>echo 0 >/proc/sys/net/ipv4/ip_forward
>>>
>>>ip tunnel add mode ipip tunl1 local 213.186.58.33 remote 213.186.56.124
>>>ip addr add dev tunl1 local 192.168.129.100 peer 192.168.129.1
>>>ip link set tunl1 up
>>>
>>>ifconfig tunl0:66 192.168.129.66 broadcast 192.168.129.66
>>>route add -host 192.168.129.66 dev tunl1:66
>>>
>>>
>>>
>>>The tunnel works good (ping ok, telnet ok) and when i tried a "ping
>>>213.186.56.124" from the outside, i can see the connection in ipvsadm, i
>>>      
>>>
>can
>  
>
>>>see the connection in the realserver too, but the reply never arrive to
>>>      
>>>
>the
>  
>
>>>client
>>>
>>>
>>>
>>>I have no idea why the reply can return to the client...
>>>
>>>
>>>
>>>
>>>
>>>
>>>----- Original Message ----- 
>>>From: "Joseph Mack" <mack.joseph at epa.gov>
>>>To: "LinuxVirtualServer.org users mailing list."
>>><lvs-users at LinuxVirtualServer.org>
>>>Sent: Tuesday, August 10, 2004 3:25 PM
>>>Subject: Re: Setting up a lvs-tun working...
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>Mathieu Collas wrote:
>>>>
>>>>
>>>>        
>>>>
>>>>>Hello all !
>>>>>
>>>>>For 2 days now i'm trying to setting up a working lvs-tun... but it
>>>>>
>>>>>
>>>>>          
>>>>>
>>>still
>>>
>>>
>>>      
>>>
>>>>>doesn't work...
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>have you followed the instructions in the mini-HOWTO for LVS-DR and got
>>>>        
>>>>
>it
>  
>
>>>>to work first?
>>>>
>>>>Joe
>>>>-- 
>>>>Joseph Mack PhD, High Performance Computing & Scientific Visualization
>>>>LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
>>>>Federal Contact - John B. Smith 919-541-1087 - smith.johnb at epa.gov
>>>>_______________________________________________
>>>>LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>>>>Send requests to lvs-users-request at LinuxVirtualServer.org
>>>>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>>>Send requests to lvs-users-request at LinuxVirtualServer.org
>>>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>>Send requests to lvs-users-request at LinuxVirtualServer.org
>>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>>
>>    
>>
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>Send requests to lvs-users-request at LinuxVirtualServer.org
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>  
>


More information about the lvs-users mailing list