LVS-Tun director not sending ipip packets

Simon Detheridge simon at
Sun Oct 29 23:58:35 GMT 2006


I have a pair of directors, and a pair of realservers. The directors  
use heartbeat for high-availablility.

I've recently started having trouble with my backup director. I think  
the problem started when I upgraded from heartbeat 1.2.3, to 1.2.5 --  
although this may be coincidental. Foolishly I forgot to check it was  
actually working correctly *before* I performed the upgrade. I only  
upgraded heartbeat on the backup director - I'm not touching the  
primary until I know the backup works.

When I stop heartbeat on my primary director, the backup director  
correctly (it seems) takes over the VIP, and sets up the director  
correctly. However, it does not appear to send any tunelled packets to  
the realservers.

I have checked this with tcpdump. On my primary director, I can see  
packets coming in to the VIP on the external interface, and going out  
as ipip packets (tcp protocol 4) on the internal interface. The  
realserver(s) then recieve these, and I can see them coming in as  
protocol 4 on the internal interface, and as expected on the tunl0  

When I stop heartbeat on my primary director, and the backup takes  
over, I can see packets coming in on the VIP again, but no ipip  
packets go out the external interface (or anywhere else).

The output of ipvsadm on each machine is identical (when they are  
trying to be a director, obviously it's empty otherwise) and looks  
like this:

IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP wlc
   ->   Tunnel  50     0          0
   -> Tunnel  50     0          0
TCP wlc
   -> Tunnel  50     0          0
   -> Tunnel  50     0          0

Thus, everything *looks* like it's configured both correctly, and  
identically on both machines, but one is not working. Where would be  
the next place to look, to figure out why?


Simon Detheridge
SEN Developer, Widgit Software

This message has been scanned for viruses by BlackSpider MailControl -

More information about the lvs-users mailing list