Looking for Simple Instructions

Roberto Nibali ratz at drugphish.ch
Wed Nov 15 21:21:13 GMT 2006 

Hi Matthew,

>> Well, well, well ... are you trying to get the IP packets confused 
>> with your setup? :)
> 
>     Wasn't "trying" to. Our hosting provider gave us 3 machines with 10 
> IP's each. According to them, all three machines are plugged into the 
> same physical switch.

They better be.

> They are also the ones who setup all the original 
> networking parameters below.

Oh, interesting. Do you have a physical network sketch?

>> From what I've seen, you seem to "own" a /24 class  --> 
>> 72.52.166.0/24. You might either want to:
> 
>     For the most part, yes. I think there are 2 blocks in there that we 
> don't have: .66 - .128 and .142 - .254  I'm sure other customers of 
> theirs have those IPs.

Ok, so you actually only own half of a /24 class :).

> Director: /etc/sysconfig/network-scripts/ifcfg-eth1 (and eth1-range0)
> 
> IPADDR=74.52.166.34
> GATEWAY=74.52.166.33
> NETMASK=255.255.255.240
> 
> IPADDR_START=74.52.166.35
> IPADDR_END=74.52.166.45
> GATEWAY=74.52.166.33
> NETMASK=255.255.255.240
> 
> Slave #1: /etc/sysconfig/network-scripts/ifcfg-eth1 (and eth1-range0)
> 
> IPADDR=74.52.166.50
> GATEWAY=74.52.166.49
> NETMASK=255.255.255.240
> 
> IPADDR_START=74.52.166.51
> IPADDR_END=74.52.166.61
> GATEWAY=74.52.166.49
> NETMASK=255.255.255.240
> NO_ALIASROUTING=yes
> 
> Slave #2: /etc/sysconfig/network-scripts/ifcfg-eth1 (and eth1-range0)
> 
> IPADDR=74.52.166.130
> GATEWAY=74.52.166.129
> NETMASK=255.255.255.240
> 
> IPADDR_START=74.52.166.131
> IPADDR_END=74.52.166.141
> GATEWAY=74.52.166.129
> NETMASK=255.255.255.240
> NO_ALIASROUTING=yes

I'm not sure what I should do with the listing above since it does not 
tell me much, I'm afraid. From what I see you've sent some sort of your 
Linux distribution's network configuration. Since I don't understand its 
semantics I cannot comment it.

>> a) Set your netmasks for the the RIP to /24 or
>> b) Put your RIPs inside the same scope for all servers
> 
>     So basically for IP-DR, all servers need to use the same GW on the 
> same switch? I'm guessing our hosting provider has the switch we are on 
> subnetted?

You mean through VLAN? I'd be interested to know, but then this would be 
an awful waste of IP and HW resources. It would mean that the 
switch/router needs an IP address per VLAN as DGW. I can hardly imagine 
this to be the case. The segment might be subnetted but I doubt it 
matters, unless your provider has put on port ACL.

>> I hope this will work for you.
> 
>     I see some light. Check this:
> 
> Director:
> 11:31:55.232013 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:31:55.232024 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:31:58.221152 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:31:58.221161 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:32:04.254643 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:32:04.254652 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 
> Slave #1:
> 11:31:52.930429 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:31:55.919545 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 11:32:01.953014 IP 70.241.143.240.2366 > 74.52.166.35.telnet: S 
> 1094534970:1094534970(0) win 65535 <mss 1452,nop,nop,sackOK>
> 
> So now at least Slave #1 is getting the packets but I never got a 
> response back.

Your RS' DGW must all point to the same existing DGW, which is some 
router or firewall of your hosting provider. At least on the Slave #1 
you should see the SYN/ACK of the telnet connection. So either there is 
no telnetd running on that box, or you have some filtering rules, or the 
node is confused about where to send the reply packet. If you check your 
Slave #1 using netstat, do you see those connection attempts and if so, 
what TCP state are they in? Are any of the requests also forwarded to 
Slave #2?

> If I can't get my hosting company to put me on 1 subnet, should I revert 
> back to my original IP config and use IP-TUN instead?

Why wouldn't this be possible? You only need like a /28 or even /29 
network if you set the IP addresses up correctly. You can of course try 
to switch to LVS-TUN. The setup is almost the same.

> We discussed this 
> load balancing thing in a meeting yesterday and someone thought it would 
> be good to put one of our other machines with another provider on as 
> 'fallback'. That would require using TUN wouldn't it?

Yes.

I presume you haven't change much of the configuration I've proposed 
earlier, so why does it work nevertheless now? Or did I misinterpret 
your email?

Best regards,
Roberto
-- 
echo 
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list