[lvs-users] ack (3. step of tcp handshake) from CIP does not get directed(dr) as expected

Michael Schwartzkopff misch at multinet.de
Tue Jul 14 10:30:06 BST 2009


Am Montag, 13. Juli 2009 21:51:03 schrieb Axel Christiansen:
> Hello All!
>
>
> it's for the first time i am using Ultramonkey and i got stock
> with a little problem.
>
>                          ________
>
>                         | client |
>                         |________|
> 			   |
> 			   | CIP
>
> 			(router)
>
> 			   | GEP
>
>                   (packetfilter, firewall)
>
>                             | GIP
>
>           +-----------------+
>
>       RIP1, VIP         RIP2, VIP
>      ____________      ____________
>
>     |director1   |    |director2   |
>
>      ____________      ____________
>
>     |realserver1 |    |realserver2 |
>     |____________|    |____________|
>
> CIP  = some inet ip
> GEP  = fixed inet ip
> GIP  = 217.0.0.1
> VIP  = 217.0.0.10
> RIP1 = 217.0.0.101
> RIP2 = 217.0.0.102
>
>
>
>
> aw1:~# ipvsadm -ln
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>    -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  217.0.0.10:80 rr
>    -> 217.0.0.101:80               Local   1      21         2005
>    -> 217.0.0.102:80               Route   1      6          678
>
>
>
>
> aw1:~# cat /etc/ha.d/haresources
> aw1.aw.int \
>   ldirectord::ldirectord.cf \
>   LVSSyncDaemonSwap::master \
>   IPaddr2::217.0.0.10/24/eth0:1/217.0.0.255
>
>
>
>
> aw1:~# cat /etc/ha.d/ldirectord.cf
> checktimeout=10
> checkinterval=2
> autoreload=no
> logfile="local0"
> quiescent=yes
>
> virtual=217.0.0.10:80
>          real=217.0.0.101:80 gate
>          real=217.0.0.102:80 gate
>          fallback=127.0.0.1:80 gate
>          service=http
>          request="ldirector.html"
>          receive="Test Page"
>          scheduler=rr
>          protocol=tcp
>          checktype=negotiate
>
>
>
>
>
> So it is a setup with director and service on the
> same hosts.
>
> It's working not too bad except for one thing. The service does
> not get balanced quite right.
>
> I do not get too much into setup details, cause i tracked down
> the problem pretty much.
>
>
> With only the active director and the traffic directed to it's
> local service, it's working fine. When having the www service on
> DIRECTOR2 turned on, the DIRECTOR1 recognizes the reachable
> www2 on DIRECTOR2 and starts distributing the sessions/sockets.
> And here the trouble starts.
>
> 1 Client send tcp syn to DIRECTOR1(vip)
> 2 DIRECTOR1 forwards tcp syn to www2
> 3 www2 answers with syn ack directly(dr) to client
> 4 Client answers with ack to DIRECTOR1(vip)
>
> NOW, that ack does not get to www2. Instead, the
> DIRECTOR1/www1 sends back an reset to Client.
>
> Thats strange. It looks like, the www1 gets the ack packet, and
> since www1 did never see a tcp syn from Client, it sends
> a reset, i gess.
>
> What am i doing wrong? Why is DIRECTOR1 forwarding the syn
> to www2, but the ack?
>
>
> For any help i would be very pleased.
>
>
> Thanks for trying to understand my problem ;)
>
>
>
> Axel

Hi,

Did you turn off arp_announce on the real servers? See:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html

Did you trace the packages with tcpdump, includung for all correct MAC 
addresses?
tcpdump -net -i ...


-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: misch at multinet.de
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42




More information about the lvs-users mailing list