[lvs-users] LVS tun not working

Anil Sharma toanilsharma1 at gmail.com
Mon Oct 6 15:56:46 BST 2008


Hi Sameer,

I have resolved this problem. Actually, the problem is with my
arno-iptables-firewall. I shut down the firewall on the real servers and
configured the real servers again for tunneling and ARP ignore/announce, and it
worked fine. I ran this test several times.

BUT the real BIG problem is that I cannot shut down the arno-iptables-firewall
on production machines. I guess, as I am doing tunneling, which is IPIP
encapsulation, the firewall is rejecting those IP packets. Maybe they are
filtered by the spoofing filter. That's why there is nothing in tcpdump at port 443.

Do you know how to modify this rule in iptables?

Regards
Anil Sharma


On Mon, Oct 6, 2008 at 3:41 PM, Sameer Garg <sameer.garg at gmail.com> wrote:

> Hi Anil,
>
> You mentioned running netstat -nl. Did you do that on the director?
> netstat -nl will not report anything about the LVS.
>
> I would suggest trying port 80 first. Once you get that working you
> can switch to 443.
>
> Sameer Garg
>
>
> On Tue, Sep 30, 2008 at 10:11 PM, Anil Sharma <toanilsharma1 at gmail.com> wrote:
> > I am load balancing across the WAN (three different networks). I tried
> > NATing, but it didn't work, so I am trying tunneling.
> > I did the following.
> >
> > At the load balancer, I did the following:
> >
> > First I set ipforward to 1 in the sysctl.cfg file and then
> > I added the following to the /etc/network/interfaces file:
> > auto eth0:0
> > iface eth0:0 inet static
> >        address 192.92.35.1
> >        netmask 255.255.255.255
> >
> > After that I restarted the network. I am also able to ping my VIP.
> >
> >
> > ipvsadm -A -t 192.92.35.1:443 -s rr
> > ipvsadm -a -t 192.92.35.1:443 -r 91.111.211.57:443 -i
> > ipvsadm -a -t 192.92.35.1:443 -r 91.121.111.43:443 -i
> >
> > At the real servers, I did the following:
> >
> > ifconfig tunl0 up 0.0.0.0
> > ifconfig tunl0 192.92.35.1 netmask 255.255.255.255 broadcast 192.92.35.1
> >
> > echo "1" > /proc/sys/net/ipv4/conf/all/hidden
> > echo "1" > /proc/sys/net/ipv4/conf/tunl0/hidden
> > echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
> > echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
> > echo "1" > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
> > echo "2" > /proc/sys/net/ipv4/conf/tunl0/arp_announce
> > echo "0" > /proc/sys/net/ipv4/conf/tunl0/rp_filter
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > I remember once I tried this kind of configuration and it worked, but now,
> > strange to me, it is not working.
> > Ldirector is working fine and is able to retrieve the test.html file which I
> > have placed to test the real web servers.
> >
> > Can you tell me what I have done wrong or what else I should do?
> >
> > Regards
> > Anil Sharma
> >
> >
> > On Tue, Sep 30, 2008 at 4:36 PM, Malcolm Turnbull
> > <malcolm at loadbalancer.org> wrote:
> >
> >> LVS doesn't bind to any ports.
> >>
> >> Have you set up the tunnel for traffic as per the manual?
> >>  (I've never personally used TUN and probably ought to try it sometime.)
> >>
> >> Also, if you want cross-WAN load balancing you may be better off with
> >> something like HAProxy.
> >>
> >> 2008/9/30 Anil Sharma <toanilsharma1 at gmail.com>:
> >> > I have configured LVS TUN in front of two Apache HTTPS servers.
> >> >
> >> > But when I do netstat -nl it shows my VIP listening on port 53, not on
> >> > port 443, which I specified.
> >> >
> >> > I did it with the following command:
> >> >
> >> >  ipvsadm -A -t IPDIRECTOR:443 -s rr
> >> >
> >> > Proto Recv-Q Send-Q Local Address           Foreign Address         State
> >> > tcp        0      0 192.92.35.1:53          0.0.0.0:*               LISTEN
> >> >
> >> > Can anybody tell me the reason?
> >> >
> >> > I can see in tcpdump that the request is not even forwarded to the real
> >> > servers. Even LVS does not ACK the client.
> >> > Is it due to LVS not listening on 443?
> >> >
> >> > How do I rectify this problem?
> >> >
> >> > I am using Ubuntu 8.1 server.
> >> >
> >> > Regards
> >> > Anil Sharma
> >> > _______________________________________________
> >> > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> >> > Send requests to lvs-users-request at LinuxVirtualServer.org
> >> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >>
> >> Malcolm Turnbull.
> >>
> >> Loadbalancer.org Ltd.
> >> Phone: +44 (0)870 443 8779
> >> http://www.loadbalancer.org/
> >>

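The firewall change Anil asks about at the top of this message, sketched as an added example; it is not part of the original thread and not arno-iptables-firewall's own configuration. It assumes the firewall is dropping the tunnelled traffic, as he suspects. `DIRECTOR_IP` is a constructed placeholder (the thread never gives the director's own address), `eth0` is an assumed interface name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: narrow firewall allowances for an LVS-TUN real server,
# as an alternative to shutting the firewall down.
# VIP and port are the values from the thread; the rest are assumptions.

DIRECTOR_IP="${DIRECTOR_IP:-198.51.100.10}"   # constructed placeholder
VIP="${VIP:-192.92.35.1}"
PORT="${PORT:-443}"
WAN_IF="${WAN_IF:-eth0}"                      # assumed physical interface

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the rules rather than running them, so they can be reviewed first.
# -I inserts at the top of INPUT, ahead of the firewall's own drop rules.
lvs_tun_rules() {
    is_ipv4 "$DIRECTOR_IP" && is_ipv4 "$VIP" || { echo "bad address" >&2; return 1; }
    # 1. Outer packet: IP protocol 4 (IPIP), accepted only from the director.
    echo "iptables -I INPUT -i $WAN_IF -p 4 -s $DIRECTOR_IP -j ACCEPT"
    # 2. Inner packet: after decapsulation it passes INPUT again on tunl0,
    #    addressed to the VIP and carrying the client's source address.
    echo "iptables -I INPUT -i tunl0 -p tcp -d $VIP --dport $PORT -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root) executes each rule.
lvs_tun_apply() {
    lvs_tun_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then $rule; else echo "$rule"; fi
    done
}

lvs_tun_apply
```

Restricting rule 1 to the director's address keeps the real server from decapsulating IPIP packets sent by arbitrary hosts, which matters here because `rp_filter` is turned off on `tunl0`.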