[lvs-users] ipvsadm and packets leaving a gre tunnel

Joseph Mack NA3T jmack at wm7d.net
Tue Jul 22 16:25:50 BST 2008

On Tue, 22 Jul 2008, Marco Lorig wrote:

> Both "directors" are connected via GRE. The first director 
> starts routing to the second one through the tunnel as 
> soon as the realservers behind it aren´t available 
> anymore. So it "turns off" the ipvsadm and switches itself 
> to a routing instance.


How do the clients know which datacenter to route to?

> The second director, which also serves clients and servers 
> at its location by ipvsadm, starts another ipvsadm 
> instance on the GRE interface and is receiving routed 
> packets from the first director through GRE tunnel.

I see.

can you set mss on this interface?

ip_vs() does all sorts of things to the interface. I don't 
expect anyone has tried LVS on a gre interface.

>> client->director1->gre-tunnel->director2->realserver?
>> I assume you have two directors in some standard failover
>> setup and only one is directing when your LVS is up?
> It isn´t a typical failover scenario. On each location are 
> two machines (master/slave). The failover I´m talking 
> about is switching between datacenters.

got it.

> If the realservers after director1 at location 1 aren´t 
> available anymore, the director1 starts normal routing 
> operation through tunnel to the other director2 at 
> location 2, which handles it´s own ipvsadm instances, 
> clients and realservers. The director2 now serves client 
> from location 1 with servers at location 2 through GRE 
> Tunnel.
>> the copy has nothing to do with LVS? ie you can do the copy
>> when there is nothing in the ipvsadm table in the 2nd
>> (inactive) director, but as soon as you put entries into
>> ipvsadm on the backup director, the gre tunnel breaks?
> Making a connection from client n, location 1, to an 
> address on director 1, the director1 routes the packets 
> through the tunnel to location 2. Without running ipvsadm 
> on director 2, location2, the connection establishes 
> correctly and the a 600Kb file transfer works fine.
> Starting ipvsadm on the gre interface of director2, 
> location2, makes the file transfer hang due to mtu issues, 
> I presume.


any ideas? This worked with a 2.4.x kernel on the directors 
and broke when he moved to 2.6.x.

(Any code fixes aren't likely to arrive in time to help 
here.) What if you use two nics, one for the gre tunnel with 
mss set and one for ipvsadm?

> All instances on ipvsadm breaks the tunnel except if a 
> client connects before to the realserver directly as is 
> explained in the "update" email, I sent previously.

I didn't get this. You have a route from the client to 
director1, through the gre tunnel, to director2 (with no 
ipvsadm rules) to the realserver? (the realserver has a 
public IP?)


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

More information about the lvs-users mailing list