Xen users - Nov 2006 - Re: Problem setting up LVS (Linux Virtual Server) in Xen Virtual

I''m seeing the same problem running the LVS load-balancer and a couple
of real servers as virtual machines. My setup is based on Ubuntu 6.10.

However, the problem only appears when the load-balancer and the real servers
are running on the same physical machine (dom0). When migrating the
load-balancer live to another physical computer on the same subnet, the network
traffic all of a sudden starts to work! This leads me to believe there is a
problem with the bridge in dom0. There are some indications on this in the
document http://en.opensuse.org/Xen3_and_a_Virtual_Network which discusses
moving the bridge/router to a virtual machine.

I''m not a bridge expert and do not understand why the brouter setup in
the document above would be necessary. Is there some way to make our setup with
the bridge in dom0 work?

-Erling

Original posting:

To:  xen-users@xxxxxxxxxxxxxxxxxxx 
Subject:  [Xen-users] Problem setting up LVS (Linux Virtual Server) in Xen
Virtual Machine
From:  cifroes <cifroes@xxxxxxxxxx> 
Date:  Mon, 06 Nov 2006 19:29:22 +0000 

Hi all,


I''m trying to setup 3 virtual machines, 1 with LVS (Linux Virtual
Server) load-balancing and 2 with Tomcat+Axis (webserver and stuff).


I''m using openSUSE 10.1 (xen 3.0.2) in all VMs and Dom0. rcSuseFirewall
is stopped, iptables -l report everything "accept"''ing.

Here''s my IP configuration:
http://pwp.netcabo.pt/pformoso/network.gif

You can see there are 3VMs running.


In the LB virtual machine I configure Linux Virtual Server (ipvsadm):
ipvsadm -A -t 192.168.200.180:8080 -s rr
ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.185:8080 -m
ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.190:8080 -m

I also set ip_forward:
echo "1" > /proc/sys/net/ipv4/ip_forward


Then, in dom0 I try my LVS:
lynx http://192.168.200.180:8080
but I only get "making http connection to xxxx..."


Tomcat logs in both VMs don''t report the connection.
TCP sniffer in VM10/20 reports:
Capturing on eth0

1 0.000000 192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [SYN]
Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009607
192.168.200.185 -> 192.168.200.150 TCP http-alt > 44000 [SYN, ACK] Seq=0
Ack=1 Win=5792 Len=0 MSS=1460 TSV=19273803 TSER=19301554 WS=2 3 0.009658
192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [RST] Seq=1
Ack=4283853535 Win=0 Len=0


TCP sniffer in LB reports:

1 0.000000 192.168.200.150 -> 192.168.200.180 TCP 44000 > http-alt [SYN]
Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009344
192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [SYN] Seq=0 Ack=0
Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2




Any ideas why this doesn''t work? How should I do it? Any tutorial/howto
help is appreciated.


Thanks in advance,
--cifroes

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I don''t understand much also about bridging/routing...

I still have my problem unresolved.

Andersen, Erling wrote:
> I''m seeing the same problem running the LVS load-balancer and a
couple of real servers as virtual machines. My setup is based on Ubuntu 6.10.
>
> However, the problem only appears when the load-balancer and the real
servers are running on the same physical machine (dom0). When migrating the
load-balancer live to another physical computer on the same subnet, the network
traffic all of a sudden starts to work! This leads me to believe there is a
problem with the bridge in dom0. There are some indications on this in the
document http://en.opensuse.org/Xen3_and_a_Virtual_Network which discusses
moving the bridge/router to a virtual machine.
>
> I''m not a bridge expert and do not understand why the brouter
setup in the document above would be necessary. Is there some way to make our
setup with the bridge in dom0 work?
>
> -Erling
>
> Original posting:
>
> To:  xen-users@xxxxxxxxxxxxxxxxxxx 
> Subject:  [Xen-users] Problem setting up LVS (Linux Virtual Server) in Xen
Virtual Machine
> From:  cifroes <cifroes@xxxxxxxxxx> 
> Date:  Mon, 06 Nov 2006 19:29:22 +0000 
>
> Hi all,
>
>
> I''m trying to setup 3 virtual machines, 1 with LVS (Linux Virtual
Server) load-balancing and 2 with Tomcat+Axis (webserver and stuff).
>
>
> I''m using openSUSE 10.1 (xen 3.0.2) in all VMs and Dom0.
rcSuseFirewall is stopped, iptables -l report everything
"accept"''ing.
>
> Here''s my IP configuration:
> http://pwp.netcabo.pt/pformoso/network.gif
>
> You can see there are 3VMs running.
>
>
> In the LB virtual machine I configure Linux Virtual Server (ipvsadm):
> ipvsadm -A -t 192.168.200.180:8080 -s rr
> ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.185:8080 -m
> ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.190:8080 -m
>
> I also set ip_forward:
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
>
> Then, in dom0 I try my LVS:
> lynx http://192.168.200.180:8080
> but I only get "making http connection to xxxx..."
>
>
> Tomcat logs in both VMs don''t report the connection.
> TCP sniffer in VM10/20 reports:
> Capturing on eth0
>
> 1 0.000000 192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt
[SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009607
192.168.200.185 -> 192.168.200.150 TCP http-alt > 44000 [SYN, ACK] Seq=0
Ack=1 Win=5792 Len=0 MSS=1460 TSV=19273803 TSER=19301554 WS=2 3 0.009658
192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [RST] Seq=1
Ack=4283853535 Win=0 Len=0
>
>
> TCP sniffer in LB reports:
>
> 1 0.000000 192.168.200.150 -> 192.168.200.180 TCP 44000 > http-alt
[SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009344
192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [SYN] Seq=0 Ack=0
Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2
>
>
>
>
> Any ideas why this doesn''t work? How should I do it? Any
tutorial/howto help is appreciated.
>
>
> Thanks in advance,
> --cifroes
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

cifroes, according to LVS mini-howto, you can''t use "ipvsadm ...
-m" since
your client, loadbalancer and webservers are on the same IP range.
You need to check the doc about LVS-DR (direct routing) if you want to keep
you current IP addresses, else look for LVS-NAT.
Source:
http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html

br,
Fabrice T.


2006/11/13, cifroes <cifroes@netcabo.pt>:
>
> I don''t understand much also about bridging/routing...
>
> I still have my problem unresolved.
>
> Andersen, Erling wrote:
> > I''m seeing the same problem running the LVS load-balancer and
a couple
> of real servers as virtual machines. My setup is based on Ubuntu 6.10.
> >
> > However, the problem only appears when the load-balancer and the real
> servers are running on the same physical machine (dom0). When migrating the
> load-balancer live to another physical computer on the same subnet, the
> network traffic all of a sudden starts to work! This leads me to believe
> there is a problem with the bridge in dom0. There are some indications on
> this in the document http://en.opensuse.org/Xen3_and_a_Virtual_Networkwhich
discusses moving the bridge/router to a virtual machine.
> >
> > I''m not a bridge expert and do not understand why the brouter
setup in
> the document above would be necessary. Is there some way to make our setup
> with the bridge in dom0 work?
> >
> > -Erling
> >
> > Original posting:
> >
> > To:  xen-users@xxxxxxxxxxxxxxxxxxx
> > Subject:  [Xen-users] Problem setting up LVS (Linux Virtual Server) in
> Xen Virtual Machine
> > From:  cifroes <cifroes@xxxxxxxxxx>
> > Date:  Mon, 06 Nov 2006 19:29:22 +0000
> >
> > Hi all,
> >
> >
> > I''m trying to setup 3 virtual machines, 1 with LVS (Linux
Virtual
> Server) load-balancing and 2 with Tomcat+Axis (webserver and stuff).
> >
> >
> > I''m using openSUSE 10.1 (xen 3.0.2) in all VMs and Dom0.
rcSuseFirewall
> is stopped, iptables -l report everything "accept"''ing.
> >
> > Here''s my IP configuration:
> > http://pwp.netcabo.pt/pformoso/network.gif
> >
> > You can see there are 3VMs running.
> >
> >
> > In the LB virtual machine I configure Linux Virtual Server (ipvsadm):
> > ipvsadm -A -t 192.168.200.180:8080 -s rr
> > ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.185:8080 -m
> > ipvsadm -a -t 192.168.200.180:8080 -r 192.168.200.190:8080 -m
> >
> > I also set ip_forward:
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> >
> > Then, in dom0 I try my LVS:
> > lynx http://192.168.200.180:8080
> > but I only get "making http connection to xxxx..."
> >
> >
> > Tomcat logs in both VMs don''t report the connection.
> > TCP sniffer in VM10/20 reports:
> > Capturing on eth0
> >
> > 1 0.000000 192.168.200.150 -> 192.168.200.185 TCP 44000 >
http-alt [SYN]
> Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009607
> 192.168.200.185 -> 192.168.200.150 TCP http-alt > 44000 [SYN, ACK]
Seq=0
> Ack=1 Win=5792 Len=0 MSS=1460 TSV=19273803 TSER=19301554 WS=2 3 0.009658
> 192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [RST] Seq=1
> Ack=4283853535 Win=0 Len=0
> >
> >
> > TCP sniffer in LB reports:
> >
> > 1 0.000000 192.168.200.150 -> 192.168.200.180 TCP 44000 >
http-alt [SYN]
> Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2 2 0.009344
> 192.168.200.150 -> 192.168.200.185 TCP 44000 > http-alt [SYN] Seq=0
Ack=0
> Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2
> >
> >
> >
> >
> > Any ideas why this doesn''t work? How should I do it? Any
tutorial/howto
> help is appreciated.
> >
> >
> > Thanks in advance,
> > --cifroes
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@lists.xensource.com
> > http://lists.xensource.com/xen-users
> >
> >
> >
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

Thanks.

I tried already with LVS-DR and it also doesn''t work... (in VMWare, 
LVS-NAT works)


Regards,
-- cifroes


Fabrice Toppi wrote:
> Hi,
>
> cifroes, according to LVS mini-howto, you can''t use "ipvsadm
... -m"
> since your client, loadbalancer and webservers are on the same IP range.
> You need to check the doc about LVS-DR (direct routing) if you want to 
> keep you current IP addresses, else look for LVS-NAT.
> Source: 
> http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html
>
> br,
> Fabrice T.
>
>
> 2006/11/13, cifroes <cifroes@netcabo.pt
<mailto:cifroes@netcabo.pt>>:
>
>     I don''t understand much also about bridging/routing...
>
>     I still have my problem unresolved.
>
>     Andersen, Erling wrote:
>     > I''m seeing the same problem running the LVS load-balancer
and a
>     couple of real servers as virtual machines. My setup is based on
>     Ubuntu 6.10.
>     >
>     > However, the problem only appears when the load-balancer and the
>     real servers are running on the same physical machine (dom0). When
>     migrating the load-balancer live to another physical computer on
>     the same subnet, the network traffic all of a sudden starts to
>     work! This leads me to believe there is a problem with the bridge
>     in dom0. There are some indications on this in the document
>     http://en.opensuse.org/Xen3_and_a_Virtual_Network which discusses
>     moving the bridge/router to a virtual machine.
>     >
>     > I''m not a bridge expert and do not understand why the
brouter
>     setup in the document above would be necessary. Is there some way
>     to make our setup with the bridge in dom0 work?
>     >
>     > -Erling
>     >
>     > Original posting:
>     >
>     > To:  xen-users@xxxxxxxxxxxxxxxxxxx
>     > Subject:  [Xen-users] Problem setting up LVS (Linux Virtual
>     Server) in Xen Virtual Machine
>     > From:  cifroes < cifroes@xxxxxxxxxx>
>     > Date:  Mon, 06 Nov 2006 19:29:22 +0000
>     >
>     > Hi all,
>     >
>     >
>     > I''m trying to setup 3 virtual machines, 1 with LVS (Linux
>     Virtual Server) load-balancing and 2 with Tomcat+Axis (webserver
>     and stuff).
>     >
>     >
>     > I''m using openSUSE 10.1 (xen 3.0.2) in all VMs and Dom0.
>     rcSuseFirewall is stopped, iptables -l report everything
"accept"''ing.
>     >
>     > Here''s my IP configuration:
>     > http://pwp.netcabo.pt/pformoso/network.gif
>     >
>     > You can see there are 3VMs running.
>     >
>     >
>     > In the LB virtual machine I configure Linux Virtual Server
>     (ipvsadm):
>     > ipvsadm -A -t 192.168.200.180:8080
<http://192.168.200.180:8080>
>     -s rr
>     > ipvsadm -a -t 192.168.200.180:8080
<http://192.168.200.180:8080>
>     -r 192.168.200.185:8080 <http://192.168.200.185:8080> -m
>     > ipvsadm -a -t 192.168.200.180:8080
<http://192.168.200.180:8080>
>     -r 192.168.200.190:8080 <http://192.168.200.190:8080> -m
>     >
>     > I also set ip_forward:
>     > echo "1" > /proc/sys/net/ipv4/ip_forward
>     >
>     >
>     > Then, in dom0 I try my LVS:
>     > lynx http://192.168.200.180:8080
>     > but I only get "making http connection to xxxx..."
>     >
>     >
>     > Tomcat logs in both VMs don''t report the connection.
>     > TCP sniffer in VM10/20 reports:
>     > Capturing on eth0
>     >
>     > 1 0.000000 192.168.200.150 <http://192.168.200.150> ->
>     192.168.200.185 <http://192.168.200.185> TCP 44000 > http-alt
>     [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2
>     2 0.009607 192.168.200.185 <http://192.168.200.185> ->
>     192.168.200.150 <http://192.168.200.150> TCP http-alt > 44000
>     [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=19273803
>     TSER=19301554 WS=2 3 0.009658 192.168.200.150
>     <http://192.168.200.150> -> 192.168.200.185
>     <http://192.168.200.185> TCP 44000 > http-alt [RST] Seq=1
>     Ack=4283853535 Win=0 Len=0
>     >
>     >
>     > TCP sniffer in LB reports:
>     >
>     > 1 0.000000 192.168.200.150 <http://192.168.200.150> ->
>     192.168.200.180 <http://192.168.200.180> TCP 44000 > http-alt
>     [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2
>     2 0.009344 192.168.200.150 <http://192.168.200.150> ->
>     192.168.200.185 <http://192.168.200.185> TCP 44000 > http-alt
>     [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=19301554 TSER=0 WS=2
>     >
>     >
>     >
>     >
>     > Any ideas why this doesn''t work? How should I do it? Any
>     tutorial/howto help is appreciated.
>     >
>     >
>     > Thanks in advance,
>     > --cifroes
>     >
>     > _______________________________________________
>     > Xen-users mailing list
>     > Xen-users@lists.xensource.com
<mailto:Xen-users@lists.xensource.com>
>     > http://lists.xensource.com/xen-users
>     >
>     >
>     >
>
>
>     _______________________________________________
>     Xen-users mailing list
>     Xen-users@lists.xensource.com
<mailto:Xen-users@lists.xensource.com>
>     http://lists.xensource.com/xen-users
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users