Thanks for your reply Andrew.
> > It sounds like the server's responses aren't making it through, > meaning that a TCP three-way handshake cannot be completed. > > What is sitting in front of the real server, and *is it stateful*? A > router? A firewall? > > There's no firewall in-front of the real server, while I'm testing LVS. There should be router I'm guessing. As this a cloud hosted VM, I checked with the hosting company, and they've confirmed that their network equipment is not configured to drop any packets, and tunneling should work fine. I'll try it out on a different cloud host like DigitalOcean or Linode to see if that makes a difference. > When using a Linux router, I always disable the rp_filter. When using > a pfSense firewall, I create floating firewall rules to cover all TCP > flags and 'sloppy state keeping' on the inbound and outbound network > interfaces. > > rp_filter is disabled (set to zero for all interfaces) on the real server. Does the virtual IP address on the real server look 'out of place' in > the context of the rest of the network? For example, if a router > expects to see addresses in 10.0.0.0/24 on eth0 and addresses in > 192.168.0.0/24 on eth1 but it starts seeing traffic from 10.0.0.20 > coming *in* on eth1 (e.g. from a VIP address) then the router may well > drop the return traffic. > Well, on the load balancer VM I've got two IPs - a static public IP bound to ens3, and another static public IP (virtual IP) bound to ens3:0. Client requests are made to the virtual IP. The real server has its own static public IP bound to ens3, and the virtual IP is bound to tunl0 interface. Load balancer VM and real server VM are located in different data centers, so they're on different networks, and hence their IPs and gateways are different. Nothing out of the ordinary is visible on the real server that could be dropping the packets. Even this cloud hosting company has confirmed that their network isn't configured to don't drop packets as such. Please chime in if anything else comes to mind. Cheers, Nick _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users
