[lvs-users] LVS/TUN Help with FWMARK

Jesper Dangaard Brouer brouer at redhat.com
Thu Jun 28 10:46:22 BST 2012


On Thu, 2012-06-28 at 09:56 +0300, Julian Anastasov wrote:
> On Thu, 28 Jun 2012, Jenny Lee wrote:
> 
> > On MACHINE 2, I run:
> >  
> > service iptables stop
> > modprobe ipip
> > ip addr add 1.1.1.3/32 dev tunl0
> 
> 	Can this help?
> 
> cat /proc/sys/net/ipv4/conf/tunl0/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter

Hi Jenny

The problem is most likely Reverse Path Filtering, like Julian is
pointing out.

Please provide output of command:
 grep . /proc/sys/net/ipv4/conf/*/rp_filter

You also have to make sure the the "all" rp_filter = 0, by running:

 echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter


For IPVS TUN mode I recommend that you edit your /etc/sysctl.conf and
add:
 net.ipv4.conf.default.rp_filter = 0
 net.ipv4.conf.all.rp_filter = 0


You mentioned your were using different datacenters. Do notice that the
datacenter might also have implemented Reverse Path Filtering on their
border routers, which will cause your responses to be dropped... but
this should at least get you a step further.

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Sr. Network Kernel Developer at Red Hat
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer






More information about the lvs-users mailing list