Yeah I tried that iptables rule on the director and that didn;t work. I still get
Tcpdump output: 18:59:30.870598 IP 198.64.15.26 > ABTS-NCR-Dynamic-169.81.162.122.airtelbroadband.in: icmp 556: 198.64.15.26 unreachable - need to frag (mtu 1380) Iptable rule: Chain OUTPUT (policy ACCEPT) target prot opt source destination TCPMSS tcp -- 198.64.15.26 anywhere tcp flags:SYN,RST,ACK/SYN,ACK TCPMSS set 1440 -Sameer On 8/31/07, Graeme Fowler <[EMAIL PROTECTED]> wrote: > On Fri, 2007-08-31 at 18:03 +0530, Sameer Garg wrote: > > In my quest for setting up LVS-Tun we encountered another problem. > > MTU and fragmentation is a known problem. First some back ground > > information. > > > > 1. We can't use LVS-DR because our machines are all over the place. > > (Thank the ISP) > > 2. The setup comprises of 2 machines. 1 director and 1 Real Server. > > 3. We are using RHEL 4. > > What you have to remember is as follows: > > 1. The initial packet from the client to the realserver - the SYN packet > - sets the parameters for the connection. > > 2. With TUN, the realserver is responding directly to the client. > > 3. That means if the tun0 interface(s) have an MTU of (for example) > 1400, then you need to make the *realserver's VIP interface* have an MTU > of 1400. How you do that varies with OS, but for a Linux server you'd do > the following on the realserver: > > iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK > SYN,ACK -j TCPMSS --set-mss 1440 > > ...which is in the HOWTO :) > > That then means the realserver will respond to the initial ACK with the > MSS set for that connection; the client will see that MSS and *should* > then adjust its' following packet sizes. > > You should leave the director and tun0 interfaces to do what they want, > as I recall. > > Graeme > > > > > _______________________________________________ > LinuxVirtualServer.org mailing list - [email protected] > Send requests to [EMAIL PROTECTED] > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
