Michael Lang
2006-Oct-02 09:59 UTC
[Xen-users] dom0 with ipvsadm to domU masquerade strange behavior
Hi,
i''ve encountered a strange behavior of Xen 3.0.2 with dom0 setup to use
ipvsadm to masquerade a Service to it''s domU same machine.
reproduce able with:
(example service sendmail)
setup in dom0:
$ ipvsadm -A -t ${externalip}:25 -s wrr
$ ipvsadm -a -t ${externalip}:25 -r ${internalip}:25 -m -w 1
trying to connect from outside looks like:
$ telnet ${externalip} 25
Trying ${externalip}...
Connected to ${externalreversefqdn} (${externalip}).
Escape character is ''^]''.
^]quit
after getting "Escape character is ''^]''." no
response string shows up.
doing a tcpdump, i can see the packet arrives but immediately a TCP
Recent shows up. I''ve tested this with two different Machines (dom0)
and
the strangest thing i noticed that using a different machine for Service
than domU works fine (so that domU isnt located on the same machine as
dom0). Any suggestion how to fix this ?
kind regards
Michael Lang
tcpdump:
# tcpdump -nnNi any port 25
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
11:56:03.901541 IP ${remoteip}.45156 > ${dom0serviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.901734 IP ${remoteip}.45156 > ${domUserviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.901760 IP ${remoteip}.45156 > ${domUserviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.903417 IP ${domUserviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.903417 IP ${domUserviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.903491 IP ${dom0serviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.905582 IP ${remoteip}.45156 > ${dom0serviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.905630 IP ${remoteip}.45156 > ${domUserviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.905638 IP ${remoteip}.45156 > ${domUserviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.935918 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836>
11:56:03.935918 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836>
11:56:03.936050 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836> 11:56:04.137015
IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94) ack 1 win 1448
<nop,nop,timestamp 216071885 297651836>
11:56:04.137015 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071885 297651836> 11:56:04.137173
IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94) ack 1 win 1448
<nop,nop,timestamp 216071885 297651836>
11:56:04.556866 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836>
11:56:04.556866 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836>
11:56:04.556984 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836>
11:56:05.397267 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.397267 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.397320 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.958753 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297653890 216071861>
11:56:05.958808 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297653890 216071861>
11:56:06.162455 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654094 216071861>
11:56:06.162528 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654094 216071861>
11:56:06.570379 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654502 216071861>
11:56:06.570442 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654502 216071861>
--
Michael Lang <michi+xen@relay3.jackal-net.at>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Michael Lang
2006-Oct-02 16:40 UTC
Re: [Xen-users] dom0 with ipvsadm to domU masquerade strange behavior
On Mon, 2006-10-02 at 11:59 +0200, Michael Lang wrote:> Hi, > > i''ve encountered a strange behavior of Xen 3.0.2 with dom0 setup to use > ipvsadm to masquerade a Service to it''s domU same machine.one more addtional info, this behavior doesnt occure when using static DNAT rules, only using ipvsadm. thanks for any hint Kind regards, Michael Lang> > reproduce able with: > (example service sendmail) > > setup in dom0: > > $ ipvsadm -A -t ${externalip}:25 -s wrr > $ ipvsadm -a -t ${externalip}:25 -r ${internalip}:25 -m -w 1 >-- Michael Lang <michi+xen@relay3.jackal-net.at> _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users