Re: [Linux-cluster] iptables rules for LVS-DR cluster

[John Garrity <jgarrity qualcomm com>]

At 06:11 PM 4/5/2008, you wrote:
it's "rr", double-R for round-robin.

d'oh, that's what i get for not wearing my glasses! 

i don't think you have to do that with persistency. as i said, it works pretty good here.
>without much knowledge about your network, i would say it's an issue with the direct routing setup. i would suggest digging a little deeper into your network setup and checking tcpdump for the reason of the connection reset. (stateful filtering at the wrong point in the setup comes to mind).

yeah, the output from ipvsadm is good for http

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  l423-lvs.qualcomm.com:http rr
  -> l423-cn1.qualcomm.com:http   Route   1      0          0         
  -> l423-cn2.qualcomm.com:http   Route   2      0          0         
FWM  20 rr persistent 20

but no good for ftp

[root l423-lb1 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 rr persistent 20

I signed up for the LVS mail list and will probably post there next week if I can't make any more progress on my own...



>maybe you should ask at that LVS mailing list for help!
>good luck.
>johannes
>
>>I tried using a firewall mark of 20 and have Piranha configured to use 21 as the application port. I can ftp to the real servers using their real IPs but ftps to the VIP fail with the error on the ftp client "An existing connection was forcibly closed by the remote host."
>>
>>Persistence is set to 20
>>
>>  
>
>--
>Linux-cluster mailing list
>Linux-cluster redhat com
>https://www.redhat.com/mailman/listinfo/linux-cluster