Nick Wilson wrote:

> Hi,
>
> I'm trying to get LVS/IPVS to work for my desired configuration, but
> facing a weird problem, most likely due to a simple mistake somewhere.
>
> For now, I've created one load balancer VM (running Ubuntu 18.04 with
> LVS director 1.28-3) and one real server VM (running Ubuntu 18.04).
>
> Both the VMs are in different data-centres (different networks), so
> I'm trying to make the load balancer and real server work over IP
> tunneling mode based on this guide:
> https://medium.com/@ppan.brian/ipvs-using-ipip-tunnel-ca180c7f4fd8

FWIW, I have had an LVS on IPIP tunneling setup running for 14-15 years,
currently with some 80 backends, also spread across multiple datacentres.

> I've got it working to the point where if a client sends a request to
> load balancer VIP, then it forwards the request to the real server,
> which is running a simple HTTP web server 'python3 -m http.server
> 8000' (has a 'Hello World' index page), but the real server never
> responds back, and the request times-out.
> Using tcpdump, I can see the request hitting the director, and then
> hitting the real server, and the real server responding back to the
> client IP with a zero length response (ack?), that goes on for 4-5
> times until timeout. Tunneling seems to be working but the web server
> doesn't intercept and respond to the request. Requesting the real
> server IP directly works fine though.

Wait - you say "hitting the real server, and the real server responding
back to the client IP with a zero length response (ack?)", but then "but
the web server doesn't intercept and respond to the request"?

Dunno if this'll help, but maybe:

My setup, very briefly - 2 directors, 80 backends. Each backend is
connected via an IPIP tunnel with a network range 10.0.x.x/30 assigned.

# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  88.198.198.123:25 wlc
  -> 10.0.1.146:25                Masq    1000   10         13
  -> 10.0.1.142:25                Masq    1000   11         7
  -> 10.0.1.138:25                Masq    1000   11         6
  -> 10.0.1.134:25                Masq    1000   11         4
  -> 10.0.1.130:25                Masq    1000   10         10
[snip]

4: ipip0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 46.4.89.115 peer 88.198.198.125
    inet 10.0.1.146/30 brd 10.0.1.147 scope global ipip0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:2e04:5973/64 scope link
       valid_lft forever preferred_lft forever

I have a separate route table:

# ip route show table fe1only
default via 10.0.1.145 dev ipip0
10.0.1.144/30 dev ipip0 scope link src 10.0.1.146
10.0.2.144/30 dev ipip1 scope link src 10.0.2.146
127.0.0.0/8 dev lo scope link

I direct traffic to use that table by setting an fwmark and using an ip
rule.

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            46.4.89.115          tcp dpt:10031 MARK set 0x14
MARK       tcp  --  10.0.1.144/30        0.0.0.0/0            tcp dpt:25 MARK set 0xa

-- 
Per Jessen, Zürich (1.6°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.