Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 29th August 2007, 18:52
_stephan_ _stephan_ is offline
Junior Member
 
Join Date: Aug 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi,

nmap-ing the VIP shows only the HTTP and MySQL ports as filtered. But, now it's only sometimes filtered.. So it works a couple of hours, after a restart of 1 RS, the ports change to filtered.. strange, isn't it?

greets.
Reply With Quote
Sponsored Links
  #12  
Old 20th March 2009, 00:11
Tenebris Tenebris is offline
Junior Member
 
Join Date: Mar 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Loopback alias

I've been trying to do this and the real server loses all contact with this outside world.
In fact, the server won't respond to any requests after I add such a loopback alias.
Any one else here having the same issue?

Solomon

Quote:
Originally Posted by tate_harmann View Post
Yes,
That was the problem. I just did:

ifconfig lo:0 192.168.200.79 255.255.255.255

to add the alias, and the server started accepting requests.

thanks,
Reply With Quote
  #13  
Old 20th March 2009, 13:44
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Which distribution are you using, and which tutorial (URL) did you follow?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #14  
Old 20th March 2009, 22:45
Tenebris Tenebris is offline
Junior Member
 
Join Date: Mar 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Loopback alias

I'm using CentOS 5 and I was following a tutorial out of several pages:

First, the O'Reilly Book, Linux System Administrator's Guide, under the chapter for load balancers.
Second, http://www.jedi.com/obiwan/technolog...key-rhel4.html, which followed pretty much the same logic.
Third, http://www.ultramonkey.org/3/topolog...-ha-lb-eg.html

I even used the "correction" script from http://classcast.blogspot.com/2006/1...on-centos.html that was supposed to solve the loopback alias problem...
Except the the "correction" script locks out everything once it tries to raise the loopback alias. Also the correction script wants an executable that doesn't exist: /etc/ha.d/rc.d/arptables-noarp-addr_takeip. (I did a yum search for arptables and ended up installing arptables_jf, but that didn't install such an executable either).

I've tried experimenting with different configurations out of ldirectord.cf, including changing gate to masq and (gasp!) ipip.

I'm pretty sure my sysctl settings are correct, but here they are:
On my load balancer:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

...and on my nodes:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2

...and my LB's ldirectord.cf is as follows:
checktimeout=10
checkinterval=12
autoreload=no
logfile="local0"
quiescent=no
virtual=10.0.0.100:80
real=10.0.0.101:80 gate
real=10.0.0.102:80 gate
service=http
request="ldirectord.html"
receive="I'm alive!"
scheduler=rr
protocol=tcp
checktype=negotiate

There is an "ldirectord.html" on each of the nodes that is successfully acknowledged... if the node is not running with a loopback alias. If I do set my node's loopback alias as follows:
ipconfig lo:0 10.0.0.100 netmask 255.255.255.255
...the node stops responding to the load balancer. However, I can still hit the node from anywhere else except the load balancer.

If I take the loopback alias down on the nodes, ldirectord says it can see the nodes, but any attempt to hit the virtual IP now times out.
Reply With Quote
  #15  
Old 21st March 2009, 21:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Instead of setting up a loopback alias, you can try this on the nodes (in /etc/sysctl.conf):
net.ipv4.ip_nonlocal_bind=1

This allows the nodes (and therefore Apache) to listen to IPs that are currently not bound to them.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #16  
Old 24th March 2009, 20:30
Tenebris Tenebris is offline
Junior Member
 
Join Date: Mar 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Tried that just now, but...

...still no dice. However, since then, I've noticed some interesting other behavior...

I tried setting the LB's "checkinterval" value to 30, so that it checks to see if it can access nodes 30 seconds apart. (Or a "tick" in old MUD parlance). At this current point, the loopback interface on every node is down.

Then I fire up ldirectord, and let it see the nodes. (If the loopback alias on the nodes is currently up, then it won't get a response from the nodes, and will flag those nodes as unavailable.)

If I were to hit the Virtual IP from a web browser it'll time out.
However, if I turn on the loopback aliases on the nodes right now, everything works perfectly - the requests successfully route to a random node.

At least, until the next tick, maximum 30 seconds later, at which point, the load balancer cannot make a request of the node and marks it as being nonfunctional.

It is almost as if the Load Balancer does forward packets to the node, but cannot receive confirmation that it has done so. ldirectord marks the node disabled after "checkinteraval" seconds have passed, because requests to the node don't come back. It is obvious that the node is listening, but is unable to respond to the LB because the node's loopback alias is set to the Virtual IP.

Any help would be appreciated.

(From a loopback standpoint, I don't understand how a node is ever expected to communicate with another server when the node loopback alias is set to be the same as that other server.)


Solomon Chang
Reply With Quote
  #17  
Old 25th March 2009, 16:32
adam0x54 adam0x54 is offline
Junior Member
 
Join Date: Jun 2008
Posts: 13
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

Use heartbeat v2 and make an active/active apache configuration. The documentation is kinda stupid but once you get it, it simply works. I spent like a week to figure it out but it works.

Get the CentOS RPM from here: http://download.opensuse.org/reposit...ha-2.1/RHEL_5/


http://www.linux-ha.org/FactSheetv2

-Adam
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 03:43.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.