[lvs-users] Curl request from linux director to the virtual ip address times out

Viktor Nonov viktor at bigpurpledot.com
Thu Aug 16 19:47:30 BST 2018

Hello Julian,

Your answer helped me solve the problem:

Since the box has its public facing interface setup with $DIP and an alias
interface for the $VIP I needed to make one more additional setting shown

Replacing the route enabled successfully sending and delivering  the SYN
packet to one of the real servers, but the SYN-ACK packet that was received
was considered by the kernel a martian packet since the source IP was $VIP
(assigned to the director's local interface) and destination IP - the $DIP.
This was solved by setting accept_local to 1:
sysctl -w net.ipv4.conf.all.accept_local=1

So in summary:
ip route replace local $VIP dev $DEV proto kernel scope host src $DIP
sysctl -w net.ipv4.conf.all.accept_local=1

Not sure if setting accept_local to 1 will lead to other problems, but
everything works okay for now.

Thanks for you help,

On Wed, Aug 8, 2018 at 10:33 PM Julian Anastasov <ja at ssi.bg> wrote:

>         Hello,
> On Wed, 8 Aug 2018, Viktor Nonov wrote:
> > I have a pretty simple setup for 2 real servers getting direct routing
> from
> > a linux director.
> > [image: unnamed.png]
> > Things work great for clients outside of the network (like from my local
> > machine), but if I try to make a request (through curl) to the VIP from
> the
> > Linux Director machine, I get a timeout & no requests make it to the Real
> > Server.
> >
> > Any pointers?
>         Probably because VIP is used as source IP in director. Try
> ip route replace local $VIP dev $DEV proto kernel scope host src $DIP
> where VIP is your virtual IP and DIP is your unique IP in director.
> Before that you can see the route that is to be replaced with
> ip route list table local
> Regards
> --
> Julian Anastasov <ja at ssi.bg>
Viktor Nonov
Software Engineer
<img src="

More information about the lvs-users mailing list