Looking for Simple Instructions

Matthew matthew at matthewboehm.com
Fri Nov 10 17:43:33 GMT 2006 

I've attempted to simplify things on this new attempt (fyi, there is no 
eth0 on any of the machines):

DIP = 74.52.166.34  bound to eth1
VIP = 74.52.166.35  bound to eth1:35

RS1 = 74.52.166.50  bound to eth1
RS1VIP = 74.52.166.35 bound to lo:35

RS2 = 74.52.166.130 bound to eth1
RS2VIP = 74.52.166.35 bound to lo:35

On Director:
   [root at lb1 ~]# sysctl -p
   net.ipv4.conf.lo.arp_ignore = 0
   net.ipv4.conf.lo.arp_announce = 0
   net.ipv4.conf.eth1.arp_ignore = 0
   net.ipv4.conf.eth1.arp_announce = 0
   net.ipv4.conf.all.send_redirects = 1
   net.ipv4.conf.default.send_redirects = 1
   net.ipv4.conf.eth1.send_redirects = 1
   net.ipv4.ip_forward = 0
   net.ipv4.conf.default.rp_filter = 1
   net.ipv4.conf.default.accept_source_route = 0

On both RS's:
   net.ipv4.conf.lo.arp_ignore = 1
   net.ipv4.conf.lo.arp_announce = 2
   net.ipv4.conf.eth1.arp_ignore = 1
   net.ipv4.conf.eth1.arp_announce = 2
   net.ipv4.ip_forward = 0
   net.ipv4.conf.default.rp_filter = 1
   net.ipv4.conf.default.accept_source_route = 0

> Care to show the ipvsadm -L -n output?

[root at lb1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  74.52.166.35:23 rr
   -> 74.52.166.50:23              Route   1      0          0
   -> 74.52.166.130:23             Route   1      0          0

> The preferred way of dealing with this is by instrumenting 
> arp_{announce,ignore} in the proc-fs.

	I've cleared out all the arptables stuff and are trying to use the 
arp_{announce,ignore} as suggested but I am unsure which interfaces need 
what setting. The mini-HOWTO isn't too clear on this.

> Can you tcpdump on the director? Are you sure there's not some filtering 
> of illicit traffic on switch ports on your ISP's side?

Yes. Running "tcpdump -n -i eth1 port 23" on the director shows lots of 
these when I try and telnet from my home machine:

11:37:45.031014 IP 70.241.143.240.3165 > 74.52.166.35.telnet: S 
2050237163:2050237163(0) win 65535 <mss 1452,nop,nop,sackOK>

Running "tcpdump -n -i any port 23" on the 2 RS's shows nothing when I 
try to telnet to the VIP.

Thanks very much for your assistance.

-Matthew

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list