[lvs-users] Packets Not Reaching Real Server

Nick Leli nicholasleli at gmail.com
Mon Nov 21 18:26:20 GMT 2016


Hi Everyone,

I am trying to learn LVS and have created the setup below (better
formatting at Server Fault
http://serverfault.com/questions/816026/lvs-load-balancer-not-getting-response).
The LVS setup seems correct, but it
appears that the connections never make it to the real server, even though
traffic is being sent from the director.  I am under the impression that no
iptables rules are required since the real server is added with
masquerade.  Is this incorrect?  I have read through the HOWTO multiple
times but am not clear on what is needed.

**Director Host**

root@ip-172-31-16-196:/home/ubuntu# cat /proc/sys/net/ipv4/ip_forward
1

root@ip-172-31-16-196:/home/ubuntu# ifconfig
    eth0      Link encap:Ethernet  HWaddr 06:a0:5b:48:1b:f5
              inet addr:172.31.16.196  Bcast:172.31.31.255  Mask:255.255.240.0
              inet6 addr: fe80::4a0:5bff:fe48:1bf5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
              RX packets:4211 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3692 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:416625 (416.6 KB)  TX bytes:406446 (406.4 KB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:173 errors:0 dropped:0 overruns:0 frame:0
              TX packets:173 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:12776 (12.7 KB)  TX bytes:12776 (12.7 KB)

root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.31.16.196:80 rr
  -> 172.31.16.195:80             Masq    1      0          0

root@ip-172-31-16-196:/home/ubuntu# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80                   23      122        0     6436        0
  -> 172.31.16.195:80                   23      122        0     6436        0

root@ip-172-31-16-196:/home/ubuntu# curl 172.31.16.195 -vv
* Rebuilt URL to: 172.31.16.195/
*   Trying 172.31.16.195...
* Connected to 172.31.16.195 (172.31.16.195) port 80 (#0)
> GET / HTTP/1.1
> Host: 172.31.16.195
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: SimpleHTTP/0.6 Python/2.7.12
< Date: Mon, 21 Nov 2016 04:59:04 GMT
< Content-type: text/html
< Content-Length: 26
< Last-Modified: Mon, 21 Nov 2016 00:58:21 GMT
<
From server 172.31.16.195
* Closing connection 0

# Show the public IP of this host
root@ip-172-31-16-196:/home/ubuntu# wget http://ipinfo.io/ip -qO -
52.15.105.107

**Backend Server**

root@ip-172-31-16-195:/home/ubuntu# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2444/python
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1221/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1221/sshd

root@ip-172-31-16-195:/home/ubuntu# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

From Remote Client

# Hitting the public IP
$ curl -vvv http://52.15.105.107/
*   Trying 52.15.105.107...
* Connected to 52.15.105.107 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 52.15.105.107
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 504 Gateway Time-out
< Server: ScanSafe
< Mime-Version: 1.0
< Date: Mon, 21 Nov 2016 05:40:50 GMT
< Content-Type: text/html
< Content-Length: 1664
< X-ScanSafe-Error: ERR_CONNECT_FAIL 110
< Keep-Alive: 60
< Via: HTTP/1.1 proxy10829
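
The `ipvsadm -Ln --stats` output in the post shows the real server with 122 InPkts and 0 OutPkts, meaning the director forwards packets but sees none come back through it. As an added example (not part of the original post), the shell function below scans that output for such one-way entries; the names `find_one_way` and `sample_stats` and the second real server in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag IPVS real servers that
# are sent packets by the director but never return any through it.

# Constructed sample: the 172.31.16.195 line carries the counters from the
# post; the 172.31.16.197 line and the service totals are invented so the
# output contains a healthy entry for contrast.
sample_stats() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.31.16.196:80                   33      162       38     8836     4100
  -> 172.31.16.195:80                   23      122        0     6436        0
  -> 172.31.16.197:80                   10       40       38     2400     4100
EOF
}

# Reads `ipvsadm -Ln --stats` output on stdin and prints one line per real
# server with InPkts > 0 and OutPkts = 0. Counters may be abbreviated
# (for example 12K) unless ipvsadm is run with --exact, so the comparison
# is against the literal string "0", which is never abbreviated.
find_one_way() {
    awk '
    # Virtual service line: protocol, VIP:port, then the five counters.
    $1 == "TCP" || $1 == "UDP" || $1 == "SCTP" { vip = $2; next }
    # Real server line: "->", RIP:port, Conns, InPkts, OutPkts, ...
    # The column header "-> RemoteAddress:Port" fails the port test.
    $1 == "->" && $2 ~ /:[0-9]+$/ && NF >= 5 {
        if ($4 != "0" && $5 == "0")
            printf "%s -> %s one-way: InPkts=%s OutPkts=0\n", vip, $2, $4
    }'
}

# Stand-alone run against the constructed sample. On a director, use:
#   ipvsadm -Ln --stats | find_one_way
sample_stats | find_one_way
```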

