[Linux-cluster] iptables rules for LVS-DR cluster

John Garrity jgarrity at qualcomm.com
Sun Apr 6 21:08:26 UTC 2008


At 06:11 PM 4/5/2008, you wrote:
>it's "rr", double-R for round-robin.

d'oh, that's what i get for not wearing my glasses! 

>i don't think you have to do that with persistency. as i said, it works pretty good here.
>without much knowledge about your network, i would say it's an issue with the direct routing setup. i would suggest digging a little deeper into your network setup and checking tcpdump for the reason of the connection reset. (stateful filtering at the wrong point in the setup comes to mind).

yeah, the output from ipvsadm is good for http

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  l423-lvs.qualcomm.com:http rr
  -> l423-cn1.qualcomm.com:http   Route   1      0          0         
  -> l423-cn2.qualcomm.com:http   Route   2      0          0         
FWM  20 rr persistent 20

but no good for ftp

[root at l423-lb1 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 rr persistent 20

I signed up for the LVS mail list and will probably post there next week if I can't make any more progress on my own...



>maybe you should ask at that LVS mailing list for help!
>good luck.
>johannes
>
>>I tried using a firewall mark of 20 and have Piranha configured to use 21 as the application port. I can ftp to the real servers using their real IPs but ftps to the VIP fail with the error on the ftp client "An existing connection was forcibly closed by the remote host."
>>
>>Persistence is set to 20
>>
>>  
>
>--
>Linux-cluster mailing list
>Linux-cluster at redhat.com
>https://www.redhat.com/mailman/listinfo/linux-cluster
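A check over the kind of ipvsadm listing quoted in this message, as an added example that is not part of the original post: it parses the table and reports virtual services that have no real server with a non-zero weight behind them, which is the state the FWM 20 entry is in. The function names are hypothetical and the sample input is the http listing from the message, embedded as plain text.

```python
import re

# Constructed sample: the http listing from the message above, as plain text.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  l423-lvs.qualcomm.com:http rr
  -> l423-cn1.qualcomm.com:http   Route   1      0          0
  -> l423-cn2.qualcomm.com:http   Route   2      0          0
FWM  20 rr persistent 20
"""

# Virtual service line: protocol, address (or firewall mark), scheduler, flags.
SERVICE = re.compile(r"^(TCP|UDP|FWM)\s+(\S+)\s+(\S+)\s*(.*)$")
# Real server line: "-> addr:port  Forward  Weight  ActiveConn  InActConn".
REAL = re.compile(r"^\s*->\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_ipvsadm(text):
    """Parse `ipvsadm` table output into a list of virtual services."""
    services = []
    for line in text.splitlines():
        real = REAL.match(line)
        if real and services:
            # Attach the real server to the most recent virtual service.
            services[-1]["reals"].append(
                {"addr": real.group(1), "forward": real.group(2),
                 "weight": int(real.group(3))})
            continue
        svc = SERVICE.match(line)
        if svc:
            services.append({"proto": svc.group(1), "addr": svc.group(2),
                             "scheduler": svc.group(3),
                             "flags": svc.group(4).strip(), "reals": []})
    return services


def unbacked(services):
    """Virtual services with no real server of weight > 0 to schedule to."""
    return [s for s in services
            if not any(r["weight"] > 0 for r in s["reals"])]


if __name__ == "__main__":
    for s in unbacked(parse_ipvsadm(SAMPLE)):
        print("no usable real servers:", s["proto"], s["addr"], s["flags"])
```
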



