LVS(UltraMonkey) Director does not forward requests

fentisen · 03-27-2006, 07:14 AM

Hi,

Iam trying to set up a LVS using UltraMonkey. The layout atm is the following: One Director and two Realservers, running apache.
The director finds the realservers, but i cannot access the webservice using the Directors external-ip. When ldriector is up n running then ipvsadm generates this output:

Code:

IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  static-213-115-187-XXX.sme.b rr
  -> www1:www                     Masq    1      0          0
  -> www2:www                     Masq    1      0          0

Here is the /etc/ha.d/ldirectord.cf

Code:

checktimeout=10
checkinterval=2
#fallback=127.0.0.1:80
autoreload=no
logfile="/var/log/ldirectord.log"
#logfile="local0"
quiescent=yes

# Virtual Server for HTTP
virtual=213.115.187.XXX:80
        fallback=127.0.0.1:80
        real=10.0.0.4:80 masq
        real=10.0.0.5:80 masq
        service=http
        request="test.html"
        receive="test"
        scheduler=rr
        #persistent=600
        protocol=tcp
        checktype=negotiate

The /etc/network/interface for the director looks like this

Code:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eht0
iface eth0 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        #network 10.0.0.0
        #broadcast 10.0.0.255
        #gateway 10.0.0.1
        # dns-* options are implemented by the resolvconf package, if installed
        #dns-search local
        up iptables -t nat -A POSTROUTING -j MASQUERADE -s 10.0.0.0/24
        down iptables -t nat -D POSTROUTING -j MASQUERADE -s 10.0.0.0/24

auto eth1
iface eth1 inet static
        address 213.115.187.XXX
        netmask 255.255.255.192
        network 213.115.187.192
        broadcast 213.115.187.255
        gateway 213.115.187.193

The masquerading seems to work

Code:

# /sbin/iptables -t nat -L POSTROUTING -n -v
Chain POSTROUTING (policy ACCEPT 2931 packets, 186K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1453 87400 MASQUERADE  all  --  *      *       10.0.0.0/24          0.0.0.0/0

Here is the /etc/network/interfaces for the realservers

Code:

# Realserver 2 WWW2
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 10.0.0.5
        netmask 255.255.255.0
        #network 10.0.0.0
        #broadcast 192.168.7.255
        gateway 10.0.0.1

#Config entry from Realserver 1 WWW1
auto eth0:0
iface eth0:0 inet static
        address 10.0.0.4
        netmask 255.255.255.0
        network 10.0.0.0
        gateway 10.0.0.1

So the topology looks like this:
Director with two NICs, 10.0.0.1 and 213.115.187.XXX
WWW1 10.0.0.4
WWW2 10.0.0.5

And 213.115.187.XXX is the IP that the visitors point their browser to. But links 213.115.187.XXX returns: Error Connection Refused.

I think that the routing/forwarding of http requests fails. Iptables is not my specialty. Any kind of help is appriciated.

/fent

fentisen · 03-27-2006, 08:19 AM

Hmmm,

i was running netstat on the Director. And saw this line;
tcp 0 0 WWWDIST.local:42589 www1:www TIME_WAIT

So i pointed my browser to http//213.115.187.XXX and voila i got redirected to www2. But i never get redirected to www1! Sometimes it timesout, probably when it tries to reach www1. Sometimes i get directed to www2, mostly i get directed to www2.
ipvsadm shows that www2 have active connections sometimes, but www1 never have any active connections. But mostly www1 have 1 or 2 inactive connections.

when running netstat on www1 i can see a lot of these entries:

Code:

tcp6       0      0 ::ffff:10.0.0.4:www     ::ffff:10.0.0.1:44078   TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.4:www     ::ffff:10.0.0.1:44072   TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.4:www     ::ffff:10.0.0.1:44074   TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.4:www     ::ffff:10.0.0.1:44080   TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.4:www     ::ffff:10.0.0.1:44080   TIME_WAIT

Are they related to ldirectord?

Do you think that the problem is due to some weird configuration on www1? Atm www1 is running two ips, one to the LAN and one to Internet. Might that be a problem?

/Fent