On Wed, 14 Oct 2009, Vincent Young wrote: > So first things first, I'm trying to get this set up on linode.com.
I assume this means you are trying to run linode.com on an LVS. > and I've been in their IRC channel, and asked if this I have no idea what "this" is. > would work. and one of the official responses on this > issue: > > caker:if packets get rewritten, it's not gonna work > [ > caker:we filter based on source ip and mac, and dest ip and mac > [caker:^-- for a given Linode LVS relies on rewriting packets and works everywhere else (almost) > So i decided to use LVS-TUN. why? I don't know what the problem is, so I don't know why you'd want LVS-Tun > Each linode has a public IP on eth0, and an aliased eth0:0 > private ip address with no gateway. it's best now not to use aliases. use iproute2 tools. see the HOWTO > This is where I am not sure if it was the correct approach or not, > please correct me. On the director, I set the VIP to be the same as > my eth0 public IP. and on the real servers I created a tunl0 interface > that matched the VIP. yes > I dont think i needed to add a route, since they > both share a common gateway on their public IP's, and they can talk to > each other. LVS-Tun doesn't get you anything over LVS-DR, if all machines are on the same network. > director: cannot ping realserver you need to fix this. I assume this is your problem. > or telnet port 80 into realserver eth0 public ip. this test doesn't tell you anything if you can't ping the realserver. After you can ping the realserver, you still won't be able to connect to the realserver:VIP:80. Do you understand why? > can ping client. yes > realserver: can ping both realserver and client.when i telnet into VIP > on port 80, i believe it bypasses the director, yes > since tcpdump host > 97.107.130.68 on the director showed no activity. > client (public ip 99.247.97.70) can ping director and realserver, and > can telnet port 80 to real server fine. yes > when i telnet to the > VIP,client doesnt get a response. packets aren't getting from the director to the realserver (the ping problem). > conclusion so far: > it looks like the ipip packet is reaching the realserver, but want to > find out if it's being discarded because it thinks it's a martian > source? if so, turn off blocking martians Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
