[lvs-users] Another newbie question

Romain Meillon r.meillon at servitics.fr
Thu Apr 14 10:47:40 BST 2011


I'm using 2.6.32-5-xen-amd64 from debian repo, here is the ipvs config, :

CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m

These modules are loaded :

ip_vs                  81576  24
ip_vs_wrr,ip_vs_wlc,ip_vs_sh,ip_vs_sed,ip_vs_rr,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh

In masq mode, the connection is established, but you are right, there
is checksum errors, and retransmissions until SMTP timeout exceeded :

Transmission Control Protocol, Src Port: smtp (25), Dst Port: 51662
(51662), Seq: 1, Ack: 1, Len: 48
    Source port: smtp (25)
    Destination port: 51662 (51662)
    [Stream index: 34]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 49    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 5888 (scaled)
    Checksum: 0xcfef [incorrect, should be 0x43cd (maybe caused by
"TCP checksum offload"?)]
    [SEQ/ACK analysis]
Simple Mail Transfer Protocol
    Response: 220 mtatest.servitics.fr Servitics SMTP Server\r\n

On the IPVS, all packets back from the real server have checksum
errors, i'll try to find why :

11:18:27.844380 IP (tos 0x0, ttl 118, id 10288, offset 0, flags [DF],
proto TCP (6), length 48)
    <PUB_IP>.51749 > 10.254.0.100.25: Flags [S], cksum 0xd148
(correct), seq 786497704, win 8192, options [mss 1460,nop,nop,sackOK],
length 0
11:18:27.844843 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
TCP (6), length 48)
    10.254.0.100.25 > <PUB_IP>.51749: Flags [S.], cksum 0xfea2
(correct), seq 1246531960, ack 786497705, win 5840, options [mss
1460,nop,nop,sackOK], length 0
11:18:27.904216 IP (tos 0x0, ttl 118, id 10297, offset 0, flags [DF],
proto TCP (6), length 40)
    <PUB_IP>.51749 > 10.254.0.100.25: Flags [.], cksum 0x4746
(correct), ack 1, win 64240, length 0
11:18:27.933729 IP (tos 0x0, ttl 64, id 7442, offset 0, flags [DF],
proto TCP (6), length 88)
    10.254.0.100.25 > <PUB_IP>.51749: Flags [P.], cksum 0x9859
(incorrect -> 0xc3d1), seq 1:49, ack 1, win 5840, length 48
11:18:30.930244 IP (tos 0x0, ttl 64, id 7443, offset 0, flags [DF],
proto TCP (6), length 88)
    10.254.0.100.25 > <PUB_IP>.51749: Flags [P.], cksum 0x9859
(incorrect -> 0xc3d1), seq 1:49, ack 1, win 5840, length 48

Regards,

-- 
Romain

2011/4/13 Julian Anastasov <ja at ssi.bg>:
>
>        Hello,
>
> On Wed, 13 Apr 2011, Romain Meillon wrote:
>
>> Hello,
>>
>> Before posting here i searched on google and followed the howto in
>> this page : http://www.ssi.bg/~ja/L4-NAT-HOWTO.txt without success..
>>
>> I'm trying to configure IPVS 1.2.1 (debian squeeze) in a simple way
>
>        What is the kernel version and how the IPVS is
> configured?
>
> uname -a
> grep IP_VS .config
>
>> for an SMTP and HTTP services (just one real server for the moment)
>> for a future use with ldirectord:
>>
>> Client <--internet--> IPVS <--LAN--> Real Server (10.254.0.100)
>>
>> not really difficult, i need masquerade, just put this in ipvsadm :
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:25 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:25 -r 10.254.0.100:25 -m -w 1
>>
>> /sbin/ipvsadm -A -t <PUB_IP>:80 -s rr
>> /sbin/ipvsadm -a -t <PUB_IP>:80 -r 10.254.0.100:25 -m -w 1
>>
>> Netfilter (+ ip_forward=1) :
>> iptables -t nat -A POSTROUTING -s 10.254.0.100/24 -j MASQUERADE
>>
>> The real server have the IPVS as default gateway and can ping the
>> client, if I telnet the real server from IPVS, i've got the expected
>> results (SMTP CLI, or HTTP code).
>>
>> >From an internet client, the connection is established, but the
>> service does not answer correctly, telnet stay empty or web browser
>> wait for the IPVS without having any HTTP code..
>>
>> # ipvsadm -L
>> IP Virtual Server version 1.2.1 (size=4096)
>> Prot LocalAddress:Port Scheduler Flags
>>   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>> TCP  <PUB_IP>:smtp rr
>>   -> 10.254.0.100:smtp            Masq    1      0          0
>> TCP  <PUB_IP>:www rr
>>   -> 10.254.0.100:www             Masq    1      0          1
>>
>> Here is the tcpdump output on LVS when the client try to telnet the
>> SMTP service, same when i try to open a web page :
>>
>> 16:21:36.176384 IP <CLIENT_IP>.59643 > 10.254.0.100.25: Flags [S], seq
>> 479176996, win 8192, options [mss 1460,nop,nop,sackOK], length 0
>> 16:21:36.176757 IP 10.254.0.100.25 > <CLIENT_IP>.59643: Flags [S.],
>> seq 1080015144, ack 479176997, win 5840, options [mss
>> 1460,nop,nop,sackOK], length 0
>> 16:21:36.223255 IP <CLIENT_IP>.59643 > 10.254.0.100.25: Flags [.], ack
>> 1, win 64240, length 0
>
>        ACK means TCP connection is established.
>
>> 16:21:36.226166 IP 10.254.0.100.25 > <CLIENT_IP>.59643: Flags [P.],
>> seq 1:49, ack 1, win 5840, length 48
>> 16:21:39.222989 IP 10.254.0.100.25 > <CLIENT_IP>.59643: Flags [P.],
>> seq 1:49, ack 1, win 5840, length 48
>> 16:21:45.223284 IP 10.254.0.100.25 > <CLIENT_IP>.59643: Flags [P.],
>> seq 1:49, ack 1, win 5840, length 48
>
>        Can you check in client if the above packets are
> received with checksum errors? Add -v to tcpdump in client
> box and in other boxes too. I assume the above output shows
> only traffic between real server and director.
>
>        Also, when testing DR mode the arp_ignore and
> arp_announce flags should be configured on ethernet
> devices, not on loopback. This is different from the
> hidden flag that was used before.
>
>> and the tcpdump from the real server :
>>
>> 16:31:55.428339 IP <CLIENT_IP>.59856 > 10.254.0.100.25: S
>> 4217040225:4217040225(0) win 8192 <mss 1460,nop,nop,sackOK>
>> 16:31:55.428402 IP 10.254.0.100.25 > <CLIENT_IP>.59856: S
>> 2200826876:2200826876(0) ack 4217040226 win 5840 <mss
>> 1460,nop,nop,sackOK>
>> 16:31:55.474609 IP <CLIENT_IP>.59856 > 10.254.0.100.25: . ack 1 win 64240
>> 16:31:55.505497 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack
>> 1 win 5840
>> 16:31:58.505138 IP 10.254.0.100.25 > <CLIENT_IP>.59856: P 1:49(48) ack
>> 1 win 5840
>>
>> if someone can enlighten me i would be enjoyed :)
>>
>> Thanks a lot!
>>
>> --
>> Romain
>
> Regards
>
> --
> Julian Anastasov <ja at ssi.bg>
>




More information about the lvs-users mailing list