LVS breaking ip_nat_ftp (??)

Joseph Mack NA3T jmack at wm7d.net
Fri Feb 2 11:26:00 GMT 2007


On Wed, 8 Nov 2006, Antonio Forster wrote:

> The SNAT rules are the following:
>
> iptables -t nat -I POSTROUTING -o eth0 -s inst11  -j SNAT --to-source VIP1
> iptables -t nat -I POSTROUTING -o eth0 -s inst12  -j SNAT --to-source VIP1
> iptables -t nat -I POSTROUTING -o eth0 -s inst13  -j SNAT --to-source VIP1
> iptables -t nat -I POSTROUTING -o eth0 -s inst14  -j SNAT --to-source VIP1
> iptables -t nat -I POSTROUTING -o eth0 -s inst21  -j SNAT --to-source VIP2
> iptables -t nat -I POSTROUTING -o eth0 -s inst22  -j SNAT --to-source VIP2
> iptables -t nat -I POSTROUTING -o eth0 -s inst23  -j SNAT --to-source VIP2
> iptables -t nat -I POSTROUTING -o eth0 -s inst24  -j SNAT --to-source VIP2
> iptables -t nat -I POSTROUTING -o eth0 -s inst31  -j SNAT --to-source VIP3
> iptables -t nat -I POSTROUTING -o eth0 -s inst32  -j SNAT --to-source VIP3
> iptables -t nat -I POSTROUTING -o eth0 -s inst33  -j SNAT --to-source VIP3
> iptables -t nat -I POSTROUTING -o eth0 -s inst34  -j SNAT --to-source VIP3
> iptables -t nat -I POSTROUTING -o eth0 -s inst41  -j SNAT --to-source VIP4
> iptables -t nat -I POSTROUTING -o eth0 -s inst42  -j SNAT --to-source VIP4
> iptables -t nat -I POSTROUTING -o eth0 -s inst43  -j SNAT --to-source VIP4
> iptables -t nat -I POSTROUTING -o eth0 -s inst44  -j SNAT --to-source VIP4
>
>
> We have conducted all the tests you mentioned, and we found out that
> if more than one instance is up and the LVS health checkers are
> monitoring them and seeing they are up, the outbound FTP fails.
>
> The strange part is:
> - during the test, there was one virtual server group with only one
> active instance, and that one had about 20 sessions. When I activated
> another instance on the same virtual server, the FTP worked fine until
> the amount of connections on the second instance reached the same
> amount of connections the first instance had. At that time, the FTP
> stopped working again.
>
> With this behavior I thought the problem was a result of the load
> balancing itself. Since the scheduler in use is wlc, until LVS had to
> start balancing again between the two instances, it was working. When
> considering this, I decided to change the keepalived configs to
> include persistence for the sessions, and after that, it seems to be
> working in all situations.

Hi Antonio,

Did you ever figure out what was going on?

After you posted, another similar setup was found to work for smtp.

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.3-Tier.html#client_on_realserver_snat_multiple_vip

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
