Thanks for the quick response Joseph, really appreciate your input.
On 2009-10-14, at 8:32 AM, Joseph Mack NA3T wrote:

> On Wed, 14 Oct 2009, Vincent Young wrote:
>
>> So first things first, I'm trying to get this set up on linode.com.
>
> I assume this means you are trying to run linode.com on an
> LVS.
>

Linode is a VPS hosting company using Xen virtual servers, and I'm being hosted with them at the moment.

>> and I've been in their IRC channel, and asked if this
>
> I have no idea what "this" is.

I was asking in their IRC channel if people had got an LVS setup going on their Linodes, and I was talking about the problems of my real server not doing anything with the ipip packet and the martian sources being logged.

>
>> would work. and one of the official responses on this
>> issue:
>>
>> caker:if packets get rewritten, it's not gonna work
>> [
>> caker:we filter based on source ip and mac, and dest ip and mac
>> [caker:^-- for a given Linode
>
> LVS relies on rewriting packets and works everywhere else
> (almost)
>
>> So i decided to use LVS-TUN.

Linode has the option of deploying your environment in 4 datacenters, and I figured it would be good to be able to have the flexibility to connect outside my datacenter when the need should arise.

> why? I don't know what the problem is, so I don't know why
> you'd want LVS-Tun
>
>> Each linode has a public IP on eth0, and an aliased eth0:0
>> private ip address with no gateway.
>
> it's best now not to use aliases. use iproute2 tools. see
> the HOWTO

I'll give that a try, but the documentation I was reading on my Linode said that my Linode only has one virtual ethernet interface, eth0, so that is why I needed to assign my private IP as an alias on that interface.

>
>
>> This is where I am not sure if it was the correct approach or not,
>> please correct me. On the director, I set the VIP to be the same as
>> my eth0 public IP. and on the real servers I created a tunl0
>> interface
>> that matched the VIP.
>
> yes
>
>> I dont think i needed to add a route, since they
>> both share a common gateway on their public IP's, and they can talk
>> to
>> each other.
>
> LVS-Tun doesn't get you anything over LVS-DR, if all
> machines are on the same network.
>
>> director: cannot ping realserver
>
> you need to fix this. I assume this is your problem.

Ping stops working once I added the tunl0 device to my realserver with the following command:

    /sbin/ifconfig tunl0 97.107.133.234 netmask 255.255.255.255 broadcast 97.107.133.234

Before I added that, I'm able to ping the real server from the director no problem. Is there something I should be doing to get it to work?

>
>> or telnet port 80 into realserver eth0 public ip.
>
> this test doesn't tell you anything if you can't ping the
> realserver. After you can ping the realserver, you still
> won't be able to connect to the realserver:VIP:80. Do you
> understand why?

Which is why I used a different client to do my tests. Is the reason because I'll just be connecting locally, and not actually go through the VIP?

>
>> can ping client.
>
> yes
>
>> realserver: can ping both realserver and client.when i telnet into
>> VIP
>> on port 80, i believe it bypasses the director,
>
> yes
>
>> since tcpdump host
>> 97.107.130.68 on the director showed no activity.
>> client (public ip 99.247.97.70) can ping director and realserver, and
>> can telnet port 80 to real server fine.
>
> yes
>
>> when i telnet to the
>> VIP,client doesnt get a response.
>
> packets aren't getting from the director to the realserver
> (the ping problem).
>
>> conclusion so far:
>> it looks like the ipip packet is reaching the realserver, but want to
>> find out if it's being discarded because it thinks it's a martian
>> source?
>
> if so, turn off blocking martians.

Is this controlled at the router level, or on the realserver? I'm on a VPS, and don't have access to the physical machines themselves or the hardware like routers.
I just deploy my distro of Linux and ssh in to customize it. I can then customize it by adding modules to the kernel like what I had to do (add ip_vs), or use a custom kernel. So in my case, would I have any control over this?

>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
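
Added example, not part of the original message or of the LVS project: a read-only check, run on the realserver, of the two kernel settings behind the martian question in this thread. "martian source" log lines are written by the kernel of the host that logs them, under `log_martians`, and the source-address check itself is `rp_filter`, the host's anti-spoofing filter, so both are per-host and per-interface settings. `SYSCTL_ROOT` and the function names are assumptions of this example.

```shell
#!/bin/sh
# SYSCTL_ROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree; on a real host it is /proc/sys/net/ipv4/conf.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one setting; a missing file (interface not present) reads as 0.
read_conf() {   # $1 = interface name or "all", $2 = setting name
    if [ -r "$SYSCTL_ROOT/$1/$2" ]; then
        cat "$SYSCTL_ROOT/$1/$2"
    else
        echo 0
    fi
}

# rp_filter: current kernels apply the larger of conf/all and conf/<iface>
# (kernel ip-sysctl documentation); older kernels combined them differently.
effective_rp_filter() {
    a=$(read_conf all rp_filter)
    i=$(read_conf "$1" rp_filter)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# log_martians: logging is on if either conf/all or conf/<iface> is non-zero.
martians_logged() {
    a=$(read_conf all log_martians)
    i=$(read_conf "$1" log_martians)
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo yes; else echo no; fi
}

# One summary line per interface.
report_iface() {
    case "$(effective_rp_filter "$1")" in
        0) mode="off" ;;
        1) mode="strict" ;;
        2) mode="loose" ;;
        *) mode="unknown" ;;
    esac
    echo "$1: rp_filter=$mode log_martians=$(martians_logged "$1")"
}

# The tunnel device and the public interface named in the thread.
for dev in tunl0 eth0; do
    report_iface "$dev"
done
```

Because the check only reads the values, it shows whether a change scoped to `tunl0` alone would be enough before any host-wide anti-spoofing setting is touched.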
