
List:       keepalived-announce
Subject:    [Keepalived-announce] Keepalived config issue: Keepalived version v v1.1.20 on Debian Squeeze
From:       "Shaun McCullagh" <shaun.mccullagh () robein ! nl>
Date:       2013-01-03 16:00:55
Message-ID: 0EB47234BAE56043B5A0CB67711D208A01CDB386 () exch1 ! win ! robein ! intern

Hi,

I would like to run a very simple Keepalived config that NATs browser
requests to two virtual servers.
Each virtual server has two real servers.

When I start Keepalived it reports the real servers are working fine.
If I log in to the Debian instance running keepalived I can reach the
real servers when I telnet to the virtual server IPs.

However, when I telnet to the virtual IPs from a remote host, keepalived
will not forward the packets to the real servers.

Here we can see a trace of a connection from 192.168.120.210 to virtual
IP 10.7.110.100, but no traffic is forwarded to either real server on
10.7.111.10 or 10.7.111.11:

root@loadbalancer1:~# tcpdump -nn -i eth0 port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:48:06.527033 IP 192.168.120.210.49850 > 10.7.110.100.443: Flags [S], seq 1630592464, win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
16:48:06.527062 IP 192.168.120.210.49850 > 10.7.111.10.443: Flags [S], seq 1630592464, win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0


I can confirm ip forwarding is enabled and iptables is open:

root@loadbalancer1:~# cat /proc/sys/net/ipv4/ip_forward
1

I start keepalived thus:    /usr/sbin/keepalived -D -l -d -S7

I've attached the master config.

I'm pretty desperate to solve this. I'm sure I've made a trivial error,
but I cannot find it, so any advice would be greatly appreciated.

All the systems are located within a VPN hence the use of private
addresses.

TIA 

Shaun McCullagh

root@loadbalancer1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:89:3f:97 brd ff:ff:ff:ff:ff:ff
    inet 10.7.110.10/24 brd 10.7.110.255 scope global eth0
    inet 10.7.110.100/32 scope global eth0:0
    inet 10.7.110.200/32 scope global eth0:1


root@loadbalancer1:~# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.7.110.100:https rr persistent 86400
  -> 10.7.111.10:https            Masq    1      2          0
  -> 10.7.111.11:https            Masq    1      2          0
TCP  10.7.110.200:https rr persistent 86400
  -> 10.7.112.10:https            Masq    1      1          0
  -> 10.7.112.11:https            Masq    1      1          0

! Configuration File for keepalived

global_defs {
   router_id RS
}


vrrp_instance V_1 {
        state MASTER
        interface eth0
        virtual_router_id 50
        priority 100
        advert_int 10
        authentication {
                auth_type PASS
                auth_pass xxxx
        }
        virtual_ipaddress {
                10.7.110.100 label eth0:0
                10.7.110.200 label eth0:1
        }
}


virtual_server 10.7.110.200 443 {
    delay_loop 600
    lb_algo rr
    lb_kind NAT
    persistence_timeout 86400
    protocol TCP

    real_server 10.7.112.10 443 {
        weight 1
        TCP_CHECK {
          connect_timeout 10   
          connect_port    443
        }
    }
    real_server 10.7.112.11 443 {
        weight 1   
        TCP_CHECK {
          connect_timeout 10  
          connect_port    443
        }
    }
}

virtual_server 10.7.110.100 443 {
    delay_loop 60
    lb_algo rr
    lb_kind NAT
    persistence_timeout 86400
    protocol TCP

    real_server 10.7.111.10 443 {
        weight 1     
        TCP_CHECK {  
          connect_timeout 10  
          connect_port    443 
        }
    }
    real_server 10.7.111.11 443 {
        weight 1    
        TCP_CHECK { 
          connect_timeout 10   
          connect_port    443
        }
    }
}
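
A check of the capture quoted in the message, added here as an example and not part of the original post: it parses `tcpdump -nn` text output and reports, per client connection, whether a SYN to the virtual IP was followed by a copy sent to a real server and whether any reply appeared on the captured interface. The function names and the embedded trace (the post's two packet lines with the mail wrapping undone) are this example's own.

```python
import re

# The two packets from the post's tcpdump output, with mail line-wrapping undone.
TRACE = """\
16:48:06.527033 IP 192.168.120.210.49850 > 10.7.110.100.443: Flags [S], seq 1630592464, win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
16:48:06.527062 IP 192.168.120.210.49850 > 10.7.111.10.443: Flags [S], seq 1630592464, win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
"""
VIP = "10.7.110.100"                           # virtual server from the post
REAL_SERVERS = {"10.7.111.10", "10.7.111.11"}  # its real servers

PKT = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]+)\](?:, seq (\d+))?")

def flows(trace, vip=VIP, reals=REAL_SERVERS):
    """Return {(client_ip, client_port): state} for tcpdump -nn text output."""
    out = {}
    for line in trace.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags, seq = m.groups()
        if flags == "S" and dst == vip:
            st = out.setdefault((src, sport), {"fwd": None, "reply": False})
            st["seq"] = seq
        elif flags == "S" and dst in reals:
            st = out.setdefault((src, sport), {"fwd": None, "reply": False})
            # Same client port and sequence number: the director's DNAT'ed copy.
            if st.get("seq") in (None, seq):
                st["fwd"] = dst
        elif src in reals or src == vip:
            st = out.setdefault((dst, dport), {"fwd": None, "reply": False})
            st["reply"] = True
    return out

def verdict(state):
    if state["fwd"] is None:
        return "SYN reached the VIP but was not forwarded"
    if not state["reply"]:
        return f"forwarded to {state['fwd']}, no reply seen on this interface"
    return f"forwarded to {state['fwd']}, reply seen"

if __name__ == "__main__":
    for client, state in flows(TRACE).items():
        print(client, "->", verdict(state))
```

A "no reply seen" verdict means either the real server did not answer or its answer did not pass back through the captured interface.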


