[lvs-users] Another newbie question

Romain Meillon r.meillon at servitics.fr
Wed Apr 13 16:43:26 BST 2011


Thanks for your reply

When the real server answers the client through the IPVS, the packet
is 'un-NATed' and arrives at the client with the public IP as source.

If I use direct routing, the IPVS redirects the packet without NAT, so
the services need to listen on the public IP, on the real server?

Real server tcpdump in gate mode:

17:30:25.934418 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S
1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934423 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S
1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934467 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S
1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934471 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S
1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934516 IP <CLIENT_IP>.60719 > <PUB_IP>.25: S
1495274318:1495274318(0) win 8192 <mss 1460,nop,nop,sackOK>
17:30:25.934538 IP 10.254.0.100 > <CLIENT_IP>: ICMP time exceeded
in-transit, length 56

No service listening on this IP, no connection established, normal.

There is something I missed

2011/4/13 David Coulson <david at davidcoulson.net>:
> On 4/13/11 10:45 AM, Romain Meillon wrote:
>>
>> 16:31:55.428339 IP <CLIENT_IP>.59856 > 10.254.0.100.25: S
>> 4217040225:4217040225(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 16:31:55.428402 IP 10.254.0.100.25 > <CLIENT_IP>.59856: S
>> 2200826876:2200826876(0) ack 4217040226 win 5840 <mss
>> 1460,nop,nop,sackOK>
>> 16:31:55.474609 IP <CLIENT_IP>.59856 > 10.254.0.100.25: . ack 1 win 64240
>> 16:31:55.505497 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack
>> 1 win 5840
>> 16:31:58.505138 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack
>> 1 win 5840
>>
>> If someone can enlighten me I would be delighted :)
>
> When you use Masq the response has to route back through the IPVS server to
> 'un-NAT' the packet. You may be better off using direct/gateway routing,
> which handles this type of asymmetric routing.
>
> David
>

-- 
Romain
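
Added example, not part of the original thread: a Python check for the pattern in the gate-mode capture above, where the same SYN (identical sequence number) shows up several times within microseconds and an ICMP time exceeded follows. It assumes tcpdump text output with one packet per line and reads that pattern as the packet being forwarded again instead of delivered locally; the sample addresses and the 0.5 s window are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the gate-mode capture, one packet per line.
# The addresses are documentation placeholders, not values from the post.
SAMPLE = """\
17:30:25.934418 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192
17:30:25.934423 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192
17:30:25.934467 IP 198.51.100.7.60719 > 203.0.113.10.25: S 1495274318:1495274318(0) win 8192
17:30:25.934538 IP 10.254.0.100 > 198.51.100.7: ICMP time exceeded in-transit, length 56
17:30:40.100000 IP 198.51.100.9.40000 > 203.0.113.10.25: S 77:77(0) win 8192
17:30:43.100000 IP 198.51.100.9.40000 > 203.0.113.10.25: S 77:77(0) win 8192
"""

SYN = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): S (\d+):")
TTL = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP time exceeded")

def seconds(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)

def find_loops(capture, window=0.5):
    """Return flows whose identical SYN repeats faster than `window` seconds.

    A genuine retransmission waits for the sender's timeout (a second or
    more); copies microseconds apart are the same packet seen again.
    """
    seen = defaultdict(list)   # (src, dst, seq) -> timestamps
    ttl_to = set()             # hosts that were sent "time exceeded"
    for line in capture.splitlines():
        if m := SYN.match(line):
            h, mi, s, src, dst, seq = m.groups()
            seen[(src, dst, seq)].append(seconds(h, mi, s))
        elif m := TTL.match(line):
            ttl_to.add(m.group(2))
    findings = []
    for (src, dst, seq), times in seen.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        fast = sum(1 for g in gaps if g < window)
        if fast:
            host = src.rsplit(".", 1)[0]   # strip the source port
            findings.append({"src": src, "dst": dst, "copies": fast + 1,
                             "ttl_expired": host in ttl_to})
    return findings

if __name__ == "__main__":
    for finding in find_loops(SAMPLE):
        print(finding)
```

The second flow in the sample repeats its SYN after three seconds, which is an ordinary retransmission and is not reported.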



