Mailing List Archive

[lvs-users] LVS-NAT setup
Dear all,
I am trying to set up an LVS-NAT load balancer. I am using three Ubuntu
instances. Here are the instance details...
Load-balancer
Private IP: 192.168.20.44
Public IP: 10.10.10.167
Real Server
Private IP: 192.168.16.10
Public IP: 10.10.10.221
Real Server
Private IP: 192.168.16.11
Public IP: 10.10.10.225
Now, I have configured ipvsadm in the following manner...
root@ubuntutcs:~#
root@ubuntutcs:~# ipvsadm -A -u 192.168.20.44:4679 -s rr
root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.10:4679 -m
root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.11:4679 -m
Set "net.ipv4.ip_forward" to 1 in the /etc/sysctl.conf file. Then I
configured iptables for NAT.
root@ubuntutcs:~# iptables -t nat -A PREROUTING -p udp --dport 4679 -m ipvs --vproto udp --vaddr 192.168.20.82 --vport 5683 --vmethod MASQ --vportctl 5683
root@ubuntutcs:~# iptables -t nat -A POSTROUTING -j MASQUERADE
With this configuration, I am not able to connect to the real servers. I
have used "tcpdump" to track packets. Here is a snippet of the tcpdump
output on the load balancer:
root@ubuntutcs:~# !tcp
tcpdump -n -i any port 5683
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:40:09.113514 IP 10.10.10.226.45048 > 192.168.20.82.5683: UDP, length 39
14:40:09.113685 IP 10.10.10.226.45048 > 192.168.16.10.5683: UDP, length 39
14:40:23.556608 IP 10.10.10.226.47732 > 192.168.20.82.5683: UDP, length 39
14:40:23.556790 IP 10.10.10.226.47732 > 192.168.16.11.5683: UDP, length 39
It seems that packets are forwarded to the real servers, but they are not
received by the real servers. I have executed "tcpdump" on the real servers
too, but did not get any packets.
Please advise: do I need to configure the real server?
Thanks,
Prasun
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] LVS-NAT setup
I think you are probably confusing the iptables match extension ipvs
with the ipvs core in the kernel that does the load balancing (LVS).
You don't need an iptables rule to make LVS work. The iptables '-m
ipvs' match is used when you need to do source address translation
(SNAT); it is used when you don't want to point your real server
gateway IP to the LVS director in LVS NAT mode. You are also using it
wrongly. For example, in my usage I have:

echo 1 > /proc/sys/net/ipv4/vs/conntrack
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 80 -j SNAT --to-source 10.2.72.139
iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.1.72.169/32 --vport 22 -j SNAT --to-source 10.2.72.139

On Sat, Aug 3, 2013 at 4:41 AM, Prasun Bhattacharjee
<prasunb25@gmail.com> wrote:
> Dear all,
> I am trying to set up an LVS-NAT load balancer. I am using three Ubuntu
> instances. Here are the instance details...
> Load-balancer
> Private IP: 192.168.20.44
> Public IP: 10.10.10.167
> Real Server
> Private IP: 192.168.16.10
> Public IP: 10.10.10.221
> Real Server
> Private IP: 192.168.16.11
> Public IP: 10.10.10.225
> Now, I have configured ipvsadm in the following manner...
> root@ubuntutcs:~#
> root@ubuntutcs:~# ipvsadm -A -u 192.168.20.44:4679 -s rr
> root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.10:4679 -m
> root@ubuntutcs:~# ipvsadm -a -u 192.168.20.44:4679 -r 192.168.16.11:4679 -m
> Set "net.ipv4.ip_forward" to 1 in the /etc/sysctl.conf file. Then I
> configured iptables for NAT.
> root@ubuntutcs:~# iptables -t nat -A PREROUTING -p udp --dport 4679 -m ipvs --vproto udp --vaddr 192.168.20.82 --vport 5683 --vmethod MASQ --vportctl 5683
> root@ubuntutcs:~# iptables -t nat -A POSTROUTING -j MASQUERADE
> With this configuration, I am not able to connect to the real servers. I
> have used "tcpdump" to track packets. Here is a snippet of the tcpdump
> output on the load balancer:
> root@ubuntutcs:~# !tcp
> tcpdump -n -i any port 5683
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
> 14:40:09.113514 IP 10.10.10.226.45048 > 192.168.20.82.5683: UDP, length 39
> 14:40:09.113685 IP 10.10.10.226.45048 > 192.168.16.10.5683: UDP, length 39
> 14:40:23.556608 IP 10.10.10.226.47732 > 192.168.20.82.5683: UDP, length 39
> 14:40:23.556790 IP 10.10.10.226.47732 > 192.168.16.11.5683: UDP, length 39
> It seems that packets are forwarded to the real servers, but they are not
> received by the real servers. I have executed "tcpdump" on the real servers
> too, but did not get any packets.
> Please advise: do I need to configure the real server?
> Thanks,
> Prasun
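
Added example (not part of either message in the thread): an offline lint, in shell, that compares iptables rule text against the ipvsadm virtual services it is supposed to refer to. The rule text is constructed from the commands quoted above; the function names, the scoped rule and its --to-source address 192.168.16.1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint director rule text offline (no live ipvsadm/iptables calls).
# Rule text below is constructed from the commands quoted in the thread.
IPVS_RULES='-A -u 192.168.20.44:4679 -s rr
-a -u 192.168.20.44:4679 -r 192.168.16.10:4679 -m
-a -u 192.168.20.44:4679 -r 192.168.16.11:4679 -m'
IPT_RULES_POSTED='-t nat -A PREROUTING -p udp --dport 4679 -m ipvs --vproto udp --vaddr 192.168.20.82 --vport 5683 --vmethod MASQ --vportctl 5683
-t nat -A POSTROUTING -j MASQUERADE'
# Hypothetical scoped rule in the reply's style; the --to-source address is assumed.
IPT_RULES_SCOPED='-t nat -A POSTROUTING -m ipvs --vaddr 192.168.20.44/32 --vport 4679 -j SNAT --to-source 192.168.16.1'

# virtual_services IPVS_RULES: print addr:port of every "-A" virtual service.
virtual_services() {
    printf '%s\n' "$1" | awk '$1 == "-A" { print $3 }'
}

# opt RULE OPTION: print the word following OPTION in RULE (nothing if absent).
opt() {
    printf '%s\n' "$1" | awk -v o="$2" '{ for (i = 1; i < NF; i++) if ($i == o) { print $(i + 1); exit } }'
}

# lint_rules IPVS_RULES IPT_RULES: print one finding per line, nothing when clean.
lint_rules() {
    services=$(virtual_services "$1")
    printf '%s\n' "$2" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        target=$(opt "$rule" -j)
        case " $rule " in
        *" -m ipvs "*)
            vip=$(opt "$rule" --vaddr)
            key="${vip%/32}:$(opt "$rule" --vport)"
            # Without -j the rule only counts packets; it changes nothing.
            [ -n "$target" ] || echo "no-target $key"
            # The match must name a virtual service that ipvsadm actually defines.
            printf '%s\n' "$services" | grep -qxF -- "$key" || echo "unknown-service $key"
            ;;
        *)
            # NAT with no selector applies to every connection leaving the box.
            case "$target" in MASQUERADE|SNAT) ;; *) continue ;; esac
            case " $rule " in
            *" -s "*|*" -d "*|*" -o "*|*" -m "*) ;;
            *) echo "unscoped $target" ;;
            esac
            ;;
        esac
    done
}

lint_rules "$IPVS_RULES" "$IPT_RULES_POSTED"
```

For the posted rules the findings are no-target and unknown-service (192.168.20.82:5683 is not the 192.168.20.44:4679 service defined with ipvsadm) plus unscoped MASQUERADE; the scoped rule produces none.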