LVS-TUN setup - responses from realserver not being let through

Roberto Nibali ratz at drugphish.ch
Fri Sep 15 13:19:41 BST 2006 

>>> I'm not sure exactly what this is indicative of, but:
>>>
>>> On the real server -
>>>
>>> "traceroute -S <VIP> <client>" - nothing comes through.  Does this
>>> mean there's a router config problem, i.e. a router is not letting
>>> those packets through due to the source address?
>> What's your routing entries? ip rule show, ip route show? What does an
>> ip route get <client> from <VIP> show you?
> 
> On the director:  (presumably not interesting)
> 
> # ip route get 217.8.220.94 from 88.198.198.122
> 217.8.220.94 from 88.198.198.122 via 88.198.41.97 dev eth1
>     cache  mtu 1500 advmss 1460 fragtimeout 64

So the director has a different DGW than the RS?

> On the real server:
> 
> # ip route get 217.8.220.94 from 88.198.198.122
> 217.8.220.94 from 88.198.198.122 via 88.198.7.129 dev eth1
>     cache  mtu 1500 advmss 1460 fragtimeout 64
> 
> # ip rule show
> 0:      from all lookup local
> 32766:  from all lookup main
> 32767:  from all lookup default
> 
> # ip route show
> 88.198.7.128/27 dev eth1  proto kernel  scope link  src 88.198.7.133

Why is that? What's the primary address of eth1 on your RS?

> 169.254.0.0/16 dev eth1  scope link
> 127.0.0.0/8 dev lo  scope link
> default via 88.198.7.129 dev eth1

Stupid questions:

o You took care of the arp problem, right?
o There's no rp_filter enabled on the RS?
o ~.7.129 is your DGW in the data center?
o no NAT between the client and LVS?

Could you send the 'ip addr show' output from your RS and director?

>> Where about in Zürich are you?
> 
> We're in Herrliberg, about 25mins south on the Goldcoast.

Just got booked for speeding from the police of that region; guess I was 
distracted by all those fancy rich ladies and the beautiful view on the 
lake :).

>> Roberto Nibali, ratz (in Altstetten right now)
> 
> Ah, I suspect I know who you are working for :-)

Yep, you better tell the Goldcoast people to chill with the speeding 
fines, or I'll re-route their assets into /dev/null :).

Cheers,
Roberto Nibali, ratz
-- 
echo 
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list