[lvs-users] ack (3. step of tcp handshake) from CIP does not get directed(dr) as expected

Axel Christiansen christiansen at abgeordnetenwatch.de
Mon Jul 13 20:51:03 BST 2009


Hello All!


it's for the first time i am using Ultramonkey and i got stock
with a little problem.

                         ________
                        |        |
                        | client |
                        |________|
			   | CIP
                            |
			(router)
			   |
			   | GEP
                  (packetfilter, firewall)
                            | GIP
                            |
                            |
          +-----------------+
          |                 |
      RIP1, VIP         RIP2, VIP
     ____________      ____________
    |            |    |            |
    |director1   |    |director2   |
     ____________      ____________
    |            |    |            |
    |realserver1 |    |realserver2 |
    |____________|    |____________|


CIP  = some inet ip
GEP  = fixed inet ip
GIP  = 217.0.0.1
VIP  = 217.0.0.10
RIP1 = 217.0.0.101
RIP2 = 217.0.0.102




aw1:~# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  217.0.0.10:80 rr
   -> 217.0.0.101:80               Local   1      21         2005
   -> 217.0.0.102:80               Route   1      6          678




aw1:~# cat /etc/ha.d/haresources
aw1.aw.int \
  ldirectord::ldirectord.cf \
  LVSSyncDaemonSwap::master \
  IPaddr2::217.0.0.10/24/eth0:1/217.0.0.255




aw1:~# cat /etc/ha.d/ldirectord.cf
checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=yes

virtual=217.0.0.10:80
         real=217.0.0.101:80 gate
         real=217.0.0.102:80 gate
         fallback=127.0.0.1:80 gate
         service=http
         request="ldirector.html"
         receive="Test Page"
         scheduler=rr
         protocol=tcp
         checktype=negotiate





So it is a setup with director and service on the
same hosts.

It's working not too bad except for one thing. The service does
not get balanced quite right.

I do not get too much into setup details, cause i tracked down
the problem pretty much.


With only the active director and the traffic directed to it's
local service, it's working fine. When having the www service on
DIRECTOR2 turned on, the DIRECTOR1 recognizes the reachable
www2 on DIRECTOR2 and starts distributing the sessions/sockets.
And here the trouble starts.

1 Client send tcp syn to DIRECTOR1(vip)
2 DIRECTOR1 forwards tcp syn to www2
3 www2 answers with syn ack directly(dr) to client
4 Client answers with ack to DIRECTOR1(vip)

NOW, that ack does not get to www2. Instead, the
DIRECTOR1/www1 sends back an reset to Client.

Thats strange. It looks like, the www1 gets the ack packet, and
since www1 did never see a tcp syn from Client, it sends
a reset, i gess.

What am i doing wrong? Why is DIRECTOR1 forwarding the syn
to www2, but the ack?


For any help i would be very pleased.


Thanks for trying to understand my problem ;)



Axel
















More information about the lvs-users mailing list