Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Linux Virtual Server>
  3. Users
Redirect Question
BBarringer at InfiStar
Jan 18, 2001, 9:24 AM
Post #1 of 8 (2295 views)
Permalink
I am trying to get a simple load balancing setup on my boxes. I can't get
the HTTP to redirect/forward. However Telnet redirect works fine. I can't
figure out why the telnet redirect is working and the HTTP is not.

Let me know if you need more info. Please make suggestions.

Configuration and misc. details below.

Thanks
Ben


I have 1 LVS director and two Real Servers that are web servers.

I am running RedHat Linux version 2.2.14-5.0.14.um.3

Here are the steps.
1. Create virtual ip eth0:0 192.168.25.18

2. Edit the sysctl.conf file to look like this.
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_always_defrag = 0
kernel.sysrq = 1

3. /sysctl -p
4. configure ipvsadm on the LVS So ipvsadm -L -n looks like this.

IP Virtual Server version 0.9.11 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.25.18:23 wlc persistent 360
-> 192.168.25.16:23 Route 1 0 0

-> 192.168.25.17:23 Route 1 0 0


TCP 192.168.25.18:80 wlc persistent 360
-> 192.168.25.16:80 Route 1 0 0
-> 192.168.25.17:80 Route 1 0 0




5. Routes on LVS looks like this...

Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.25.20 * 255.255.255.255 UH 0 0 0 eth0
192.168.25.18 * 255.255.255.255 UH 0 0 0 eth0
192.168.25.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.25.1 0.0.0.0 UG 0 0 0 eth0


On the Real Servers I setup an local loopback to address 192.168.25.18.
and set sysctl.conf file to this.

net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_always_defrag = 0
kernel.sysrq = 0
Re: Redirect Question [ In reply to ]
mack.joseph at epa
Jan 18, 2001, 10:11 AM
Post #2 of 8 (2276 views)
Permalink
Ben Barringer wrote:
>
> I am trying to get a simple load balancing setup on my boxes. I can't get
> the HTTP to redirect/forward. However Telnet redirect works fine. I can't
> figure out why the telnet redirect is working and the HTTP is not.



> 4. configure ipvsadm on the LVS So ipvsadm -L -n looks like this.
>
> IP Virtual Server version 0.9.11 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 192.168.25.18:23 wlc persistent 360
> -> 192.168.25.16:23 Route 1 0 0
> -> 192.168.25.17:23 Route 1 0 0
> TCP 192.168.25.18:80 wlc persistent 360
> -> 192.168.25.16:80 Route 1 0 0
> -> 192.168.25.17:80 Route 1 0 0

When you say you can't get HTTP to redirect/forward, what do you
get at the client end?

What happens when you do

telnet VIP 80
GET /

I would imagine with persistent connection, that with an http
client you would just get the one real-server all the time.

Joe



--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
RE: Redirect Question [ In reply to ]
BBarringer at InfiStar
Jan 18, 2001, 10:31 AM
Post #3 of 8 (2284 views)
Permalink
# telnet 192.168.25.18 80
Trying 192.168.25.18...
telnet: Unable to connect to remote host: Connection refused

The RealServer never sees the request.

So far the only thing I Have found is: If i turn off telnet, on the
Director, I can no longer telnet to the 192.168.21.18 23 on the RealServer.
Why is that?

-----Original Message-----
From: Joseph Mack [mailto:mack.joseph@epa.gov]
Sent: Thursday, January 18, 2001 12:12 PM
To: lvs-users@LinuxVirtualServer.org
Subject: Re: Redirect Question


Ben Barringer wrote:
>
> I am trying to get a simple load balancing setup on my boxes. I can't get
> the HTTP to redirect/forward. However Telnet redirect works fine. I can't
> figure out why the telnet redirect is working and the HTTP is not.



> 4. configure ipvsadm on the LVS So ipvsadm -L -n looks like this.
>
> IP Virtual Server version 0.9.11 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 192.168.25.18:23 wlc persistent 360
> -> 192.168.25.16:23 Route 1 0 0
> -> 192.168.25.17:23 Route 1 0 0
> TCP 192.168.25.18:80 wlc persistent 360
> -> 192.168.25.16:80 Route 1 0 0
> -> 192.168.25.17:80 Route 1 0 0

When you say you can't get HTTP to redirect/forward, what do you
get at the client end?

What happens when you do

telnet VIP 80
GET /

I would imagine with persistent connection, that with an http
client you would just get the one real-server all the time.

Joe



--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
Re: Redirect Question [ In reply to ]
mack.joseph at epa
Jan 18, 2001, 10:47 AM
Post #4 of 8 (2279 views)
Permalink
Ben Barringer wrote:
>
> # telnet 192.168.25.18 80
> Trying 192.168.25.18...
> telnet: Unable to connect to remote host: Connection refused

this means that nothing is listening on the VIP:port. Either
the director is not forwarding (which it appears to be doing from
the ipvsadm output) or the real-server is not listening on port 80.
That you got a connection refused means that a reply packet came back,
ie the loop consisting of client-director-realserver-client is functional.

can you connect to VIP:80 from the console of the real-server?

> The RealServer never sees the request.

how do you know this?

> So far the only thing I Have found is: If i turn off telnet, on the
> Director, I can no longer telnet to the 192.168.21.18 23 on the RealServer.
> Why is that?

when you say "turn off telnet on the director" do you mean you have removed
telnetd from inetd.conf on the director and killed telnetd,
or you have removed telnet from the services forwarded by the director?

Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
RE: Redirect Question [ In reply to ]
BBarringer at InfiStar
Jan 18, 2001, 12:21 PM
Post #5 of 8 (2283 views)
Permalink
From the RealServers I can't telnet to <loopback>:80? I can telnet to
<loopback>:23. I know the RealServers are working on port 80 because they
are server up webpages, if you go to there direct IP(192.168.25.16-17):80.

>when you say "turn off telnet on the director" do you mean you have removed
>telnetd from inetd.conf on the director and killed telnetd,
>or you have removed telnet from the services forwarded by the director?


If I remove Telnet from inetd and restart Inetd(killall -HUP inetd) so
telnet is no longer up; i.e. If I telnet to <vip:23> I get connection
timeout. Where as when telnet is running on the Director it correctly
directs me to one of the RealServers.


>> The RealServer never sees the request.

>how do you know this?

I don't know for sure. I have SuperSniffer running on the eth0 and it
doesn't pick up any request. Is there a better way to check?


I really appreciate the help.
Re: Redirect Question [ In reply to ]
mack.joseph at epa
Jan 18, 2001, 12:39 PM
Post #6 of 8 (2280 views)
Permalink
Ben Barringer wrote:
>
> >From the RealServers I can't telnet to <loopback>:80? I can telnet to
> <loopback>:23. I know the RealServers are working on port 80 because they
> are server up webpages, if you go to there direct IP(192.168.25.16-17):80.

it doesn't matter if the real-servers are serving pages on 16-17, the request
that arrives on the real-servers is for a page at the VIP (on 18). Is your httpd
listening to the VIP on the real-servers?

>
> >when you say "turn off telnet on the director" do you mean you have removed
> >telnetd from inetd.conf on the director and killed telnetd,
> >or you have removed telnet from the services forwarded by the director?
>
> If I remove Telnet from inetd and restart Inetd(killall -HUP inetd) so
> telnet is no longer up; i.e. If I telnet to <vip:23> I get connection
> timeout. Where as when telnet is running on the Director it correctly
> directs me to one of the RealServers.

you can leave telnet running on the director. The director forwards
all telnet requests to VIP:telnet.

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
RE: Redirect Question [ In reply to ]
BBarringer at InfiStar
Jan 18, 2001, 1:10 PM
Post #7 of 8 (2279 views)
Permalink
Cool!!!
Works Great!

So it redirects/forwards to a different MAC address not an IP Address.

-----Original Message-----
From: Joseph Mack [mailto:mack.joseph@epa.gov]
Sent: Thursday, January 18, 2001 2:40 PM
To: lvs-users@LinuxVirtualServer.org
Subject: Re: Redirect Question

...
>it doesn't matter if the real-servers are serving pages on 16-17, the
request
>that arrives on the real-servers is for a page at the VIP (on 18). Is your
httpd
>listening to the VIP on the real-servers?

...
>you can leave telnet running on the director. The director forwards
>all telnet requests to VIP:telnet.

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
Re: Redirect Question [ In reply to ]
mack.joseph at epa
Jan 18, 2001, 1:36 PM
Post #8 of 8 (2278 views)
Permalink
Ben Barringer wrote:
>
> Cool!!!
> Works Great!
>
> So it redirects/forwards to a different MAC address not an IP Address.

Yes.

In VS-DR the packet which arrives on the real-servers has a destination of
the VIP (which is why you need the VIP on lo:0). The code running on the
director just changes the MAC address of the packet to that of the
RIP on the selected real-server and ships the packet out the door. The director
is just functioning as a router.


Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal