[lvs-users] Another newbie question

David Coulson david at davidcoulson.net
Wed Apr 13 16:49:50 BST 2011



On 4/13/11 11:43 AM, Romain Meillon wrote:
> When the real server answers to the client through the IPVS, the packet
> is 'un-NATed' and arrives to the client with the public IP as source.
Yep
> If I use direct routing, the IPVS redirects the packet without NAT so
> the services need to listen on the public IP, on the real server ?
>
Correct. You need to configure the virtual server IP on the real server, 
often as a /32 on the loopback. You also need to do some ARP magic to 
make it work properly.
> Real server tcpdump in gate mode :
>
> 17:30:25.934418 IP<CLIENT_IP>.60719>  <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934423 IP<CLIENT_IP>.60719>  <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934467 IP<CLIENT_IP>.60719>  <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934471 IP<CLIENT_IP>.60719>  <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934516 IP<CLIENT_IP>.60719>  <PUB_IP>.25: S
> 1495274318:1495274318(0) win 8192<mss 1460,nop,nop,sackOK>
> 17:30:25.934538 IP 10.254.0.100>  <CLIENT_IP>: ICMP time exceeded
> in-transit, length 56
>
> No service listening on this IP, no connection established, normal.
Do you have a firewall rule in place blocking this? If nothing is 
listening, I'd at least expect a TCP RST to go back to the client.

David
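
An audit check for the real-server setup described in the reply above (VIP as a /32 on the loopback plus ARP settings), added here as an example; it is not part of the original message or of the LVS project's code. It assumes the "ARP magic" is the commonly used `arp_ignore`/`arp_announce` sysctls; `SYSCTL_ROOT`, `LO_ADDRS_FILE` and the function names are hypothetical.

```shell
# Added example: audit a real server for LVS direct routing (DR).
# SYSCTL_ROOT and LO_ADDRS_FILE are hypothetical overrides so the checks
# can run against constructed fixtures instead of the live system.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Effective ARP setting: the kernel applies max(conf/all, conf/<iface>).
arp_effective() {  # $1=iface  $2=arp_ignore|arp_announce
    all="$SYSCTL_ROOT/net/ipv4/conf/all/$2"
    dev="$SYSCTL_ROOT/net/ipv4/conf/$1/$2"
    [ -r "$all" ] && [ -r "$dev" ] || { echo missing; return 0; }
    a=$(cat "$all"); d=$(cat "$dev")
    if [ "$a" -gt "$d" ]; then echo "$a"; else echo "$d"; fi
}

# Loopback IPv4 addresses, one per line in `ip -o` format.
lo_addrs() {
    if [ -n "${LO_ADDRS_FILE:-}" ]; then cat "$LO_ADDRS_FILE"
    else ip -o -4 addr show dev lo; fi
}

# True when the VIP is bound to lo as a /32 host address.
vip_on_lo() {  # $1=VIP
    lo_addrs | grep -F -q -- " inet $1/32 "
}

# Prints one finding per problem; exit status 0 only when none are found.
check_dr_realserver() {  # $1=VIP  $2=interface facing the director
    rc=0
    vip_on_lo "$1" || { echo "FAIL: $1/32 not configured on lo"; rc=1; }
    ign=$(arp_effective "$2" arp_ignore)
    ann=$(arp_effective "$2" arp_announce)
    # arp_ignore 1 or 2: no ARP reply for an address held on another
    # interface, so the VIP on lo is never answered for on the LAN side.
    case "$ign" in
        1|2) ;;
        *) echo "FAIL: arp_ignore=$ign on $2 (want 1 or 2)"; rc=1 ;;
    esac
    # arp_announce 2: prefer an address on the outgoing interface as the
    # ARP source instead of the packet's source IP (the VIP).
    [ "$ann" = 2 ] || { echo "FAIL: arp_announce=$ann on $2 (want 2)"; rc=1; }
    return $rc
}
# Usage on a real server: check_dr_realserver <VIP> eth0
```

A real server that passes this check holds the VIP locally without answering ARP for it, which leaves the director as the only host claiming the address on the segment.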



