'[Keepalived-devel] configuration problem with kernels > 2.6.8'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       keepalived-devel
Subject:    [Keepalived-devel] configuration problem with kernels > 2.6.8
From:       "Holger Brueckner [c]" <hb () ciphirelabs ! com>
Date:       2005-11-04 13:30:55
Message-ID: 1131111055.2984.20.camel () localhost
[Download RAW message or body]

hello

we're having a rather strange issue here with kernels > 2.6.8
the following configuration works with kernel 2.6.8.1 but does 
not with current kernels.


00_0proxy   -----+----- 00 loadbalancer      
                 |
00_1proxy   -----+
                 |
01_0proxy   -----+----- 01 loadbalancer
                 |
01_1proxy   -----+

with kernel 2.6.8.1 and ipvsadm v1.24 / IPVS v1.2.0 the attached
configuration works as expected. with newer kernels > 2.6.10 it doesn't.
any clues what i'm doing wrong would be appreciated.

symptom:

connection to port 3888 is forwarded from the loadbalancer to one of the
proxies. proxy sends reply but the answer doesn't leave the
loadbalancer. it looks like SNAT on the loadbalancer is not working
properly.

if you need more details please let me know, i also have a kernel
version with debugging enabled.

 global_defs {
  notification_email {
   err@some.domain
   }
 smtp_server 127.0.0.1 port 25
 smtp_connect_timeout 12
 lvs_id lb_dnr00
 }

vrrp_sync_group Proxy00 {
  group {
  Load_Balancers_BY_00
  proxycluster.00.sxy.some.domain
  }
 }

vrrp_sync_group Proxy01 {
  group {
  Load_Balancers_BY_01
  proxycluster.01.sxy.some.domain
  }
 }

 vrrp_instance Load_Balancers_BY_00 {
 state MASTER
 interface pubpri

  virtual_router_id 50
  priority 90
  advert_int 2
  smtp_alert
  authentication {
  auth_type PASS
  auth_pass example
  }
  virtual_ipaddress {
 10.0.5.40/23
  }
 }

 vrrp_instance Load_Balancers_BY_01 {
 state BACKUP
 interface pubpri

  virtual_router_id 51
  priority 50

  advert_int 2

  smtp_alert

  authentication {
  auth_type PASS
  auth_pass example
  }

  virtual_ipaddress {
 10.0.21.40/23
  }
 }

 vrrp_instance proxycluster.00.sxy.some.domain {
  state MASTER
  interface proxy00

  virtual_router_id 52
  priority 90
  advert_int 2
  smtp_alert
  authentication {
  auth_type PASS
  auth_pass example
  }
  virtual_ipaddress {
  10.8.6.40/23
  888.888.888.888/32
  }
 }

 virtual_server 888.888.888.888 3888 {
 delay_loop 6

  lb_algo sh
  lb_kind NAT

  protocol TCP

 real_server 10.8.7.64 3888 {

 weight 1

  TCP_CHECK {
  connect_timeout 30
  connect_port 3888
  }
  }

 real_server 10.8.7.65 3888 {

 weight 1

  TCP_CHECK {
  connect_timeout 30
  connect_port  3888
  }
  }
 }

vrrp_instance proxycluster.01.sxy.some.domain {
  state BACKUP
  interface proxy01
  !lvs_sync_daemon_interface proxy01
  !mcast_src_ip 10.8.22.44
   virtual_router_id 53
  priority 50
  advert_int 2
  smtp_alert
  authentication {
  auth_type PASS
  auth_pass example
  }
  virtual_ipaddress {
  10.8.22.40/23
  999.999.999.999/32
  }
 }


 virtual_server 999.999.999.999 3888 {
 delay_loop 6

  lb_algo sh
  lb_kind NAT
  protocol TCP

 real_server 10.8.23.64 3888 {

 weight 1

  TCP_CHECK {
  connect_timeout 30
  connect_port 3888
  }
  }


 real_server 10.8.23.65 3888 {

 weight 1

  TCP_CHECK {
  connect_timeout 30
  connect_port  3888
  }
  }
 }







--
------------------------ [ SECURITY NOTICE ] ------------------------
To: keepalived-devel@lists.sourceforge.net.
For your security, hb@ciphirelabs.com
digitally signed this message on 04 November 2005 at 13:30:56 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
------------------- [ CIPHIRE DIGITAL SIGNATURE ] -------------------
Q2lwaGlyZSBTaWcuAjhrZWVwYWxpdmVkLWRldmVsQGxpc3RzLnNvdXJjZWZvcmdlLm5ld
ABoYkBjaXBoaXJlbGFicy5jb20AZW1haWwgYm9keQDTCAAAfAB8AAAAAQAAAJBia0PTCA
AA+AIAAgACAAIAIPIh6RkYmeZcQRIJZYy7b0sQ3bMYMvm8+Po9XBPY0pNnAQAPjqtled7
ohMXyims3EKzyrw6OVIEN+mt2h+UbCMAsTJJpkAETmmu0b13y7k3REWPBkg9E7AVJK9E4
abcNGKYmOQDHU2lnRW5k
--------------------- [ END DIGITAL SIGNATURE ] ---------------------



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Keepalived-devel mailing list
Keepalived-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/keepalived-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic