
[lvs-users] Strange error (bug?) with source NAT
Hi,

For a test I set up an LVS that should balance a telnet service inside a LAN.

So the client IP is 192.168.0.1
the virtual IP is 192.168.0.2

and the real servers IPs are 192.168.0.3 and 4.

I prepared my loadbalancer:
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/vs/conntrack

and added:

iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.3 \
--destination-port=23 -j MASQUERADE
iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.4 \
--destination-port=23 -j MASQUERADE

the ipvs config is:

ipvsadm -A -t 192.168.0.2:23 -s rr
ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.3:23 -m -w 1
ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.4:23 -m -w 1

Now a strange thing happens. A telnet from the client does NOT work

# telnet 192.168.0.2

UNTIL I start tcpdump on the load balancer. When I watch the traffic everything
works. When I do not watch, telnet fails. The behaviour is absolutely reproducible.

Oh, the interface of my load balancer is a bridge br0 over the single
interface eth0.

Did anybody implement some quantum computing in the ipvs module?
Does anybody have an explanation for that behaviour?


Kind regards,

Michael Schwartzkopff

--
sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Board of Directors: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
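An added diagnostic, not the poster's script and not part of the thread: it checks the two sysctls the poster enabled (with the path spelled /proc/sys/net/ipv4/), whether the interface currently carries the PROMISC flag that tcpdump sets while capturing, and whether that interface is a bridge and over which ports. The procfs and sysfs roots are parameters so the checks can run against constructed directories; that, and the function names, are assumptions of this script.

```shell
#!/bin/sh
# Editor-added diagnostic for the one-armed LVS-NAT director in the thread;
# not the poster's script. It reports the state that differs between the
# failing run and the run with tcpdump active (tcpdump sets PROMISC on the
# capture interface), plus the two prerequisites the poster enabled.
# Roots default to the live system; tests point them at constructed dirs.

# Print the content of a sysctl-style file, or "missing" if unreadable.
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo "missing"; fi
}

# Return 0 only if IPv4 forwarding and IPVS conntrack are both enabled.
# $1 overrides the /proc/sys root (assumption for offline testing).
check_prereqs() {
    root="${1:-/proc/sys}"
    [ "$(read_flag "$root/net/ipv4/ip_forward")" = "1" ] &&
    [ "$(read_flag "$root/net/ipv4/vs/conntrack")" = "1" ]
}

# Return 0 if interface $1 has IFF_PROMISC (0x100) set in its sysfs flags.
is_promisc() {
    flags=$(read_flag "${2:-/sys/class/net}/$1/flags")
    [ "$flags" != "missing" ] && [ $((flags & 0x100)) -ne 0 ]
}

# Print the member ports of bridge $1, one per line; nothing if not a bridge.
bridge_ports() {
    dir="${2:-/sys/class/net}/$1/brif"
    [ -d "$dir" ] && ls "$dir"
}

# Human-readable summary for the director; $1 = interface, $2/$3 = roots.
report() {
    ifc="${1:-br0}"
    if check_prereqs "$2"; then echo "prereqs: ok"; else echo "prereqs: NOT ok"; fi
    if is_promisc "$ifc" "$3"; then echo "$ifc: promiscuous (capture running?)"
    else echo "$ifc: not promiscuous"; fi
    ports=$(bridge_ports "$ifc" "$3")
    if [ -n "$ports" ]; then echo "$ifc is a bridge over: $(echo $ports)"
    else echo "$ifc is not a bridge"; fi
}

report "${LVS_IFACE:-br0}"
```

Running it once without tcpdump and once while tcpdump is attached to br0 shows whether the only difference between the two runs is the PROMISC flag.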
Re: [lvs-users] Strange error (bug?) with source NAT
On Thursday, 10 December 2015, 14:01:33, Michael Schwartzkopff wrote:
> Hi,
>
> For a test I set up an LVS that should balance a telnet service inside a
> LAN.
>
> So the client IP is 192.168.0.1
> the virtual IP is 192.168.0.2
>
> and the real servers IPs are 192.168.0.3 and 4.
>
> I prepared my loadbalancer:
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/vs/conntrack
>
> and added:
>
> iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.3 \
> --destination-port=23 -j MASQUERADE
> iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.4 \
> --destination-port=23 -j MASQUERADE
>
> the ipvs config is:
>
> ipvsadm -A -t 192.168.0.2:23 -s rr
> ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.3:23 -m -w 1
> ipvsadm -a -t 192.168.0.2:23 -r 192.168.0.4:23 -m -w 1
>
> Now a strange thing happens. A telnet from the client does NOT work
>
> # telnet 192.168.0.2
>
> UNTIL I start tcpdump on the load balancer. When I watch the traffic
> everything works. When I do not watch, telnet fails. The behaviour is
> absolutely reproducible.
>
> Oh, the interface of my load balancer is a bridge br0 over the single
> interface eth0.
>
> Did anybody implement some quantum computing in the ipvs module?
> Does anybody have an explanation for that behaviour?

Solved: When I remove the bridge and use the plain eth0 interface everything
works as expected.

Any idea why the bridged setup only works when watching?

Kind regards,

Michael Schwartzkopff
