[Bug 496932] Re: Keepalived haven't LVS support

Lasse Birnbaum Jensen lasse at sdu.dk
Wed Feb 17 16:41:36 GMT 2010 

Sorry forgot configuration

ips has been changed, but should be consistent

For the LVS NAT to work you should not add any rules for the VIP in the
PRE og POSTROUTING chains, ipvs does this on its own transparently. The
rules add in the test setup is for management of the nodes behind the
LVS. The rules in the INPUT chains is for the VIP.

iptables nat rules
# Generated by iptables-save v1.4.4 on Wed Feb 17 17:33:46 2010
*nat
:PREROUTING ACCEPT [1717:278248]
:POSTROUTING ACCEPT [1000:68909]
:OUTPUT ACCEPT [1000:68909]
-A PREROUTING -d 10.x.x.x/32 -i eth0 -m state --state NEW -j DNAT --to-destination 10.z.z.z
-A PREROUTING -d 10.x.x.y/32 -i eth0 -m state --state NEW -j DNAT --to-destination 10.z.z.v
-A POSTROUTING -s 10.z.z.z/32 -o eth0 -j SNAT --to-source 10.x.x.x
-A POSTROUTING -s 10.z.z.v/32 -o eth0 -j SNAT --to-source 10.x.x.y
COMMIT
# Completed on Wed Feb 17 17:33:46 2010
# Generated by iptables-save v1.4.4 on Wed Feb 17 17:33:46 2010
*filter
:INPUT ACCEPT [4479:1328198]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4396:360856]
-A INPUT -d 10.x.x.VIP/32 -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d 10.x.x.VIP/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -d 10.x.x.VIP/32 -i eth0 -j DROP
COMMIT
# Completed on Wed Feb 17 17:33:46 2010

remember the ip4_forward

echo "1" > /proc/sys/net/ipv4/ip_forward

nat wont work without it

keepalived.conf

vrrp_instance VIP_MXP {
        state MASTER
        interface eth1
        priority 250
        authentication {
                auth_type PASS
                auth_pass verysecretpassword
        }
        virtual_router_id 200
        virtual_ipaddress {
                10.z.z.BVIP/18 dev eth1 # back default gw
                10.x.x.VIP/20 dev eth0 # front vip
                10.x.x.x/20 dev eth0 # front node1
                10.x.x.y/20 dev eth0 # front node2
        }
        preempt_delay 300
        garp_master_delay 5
}

virtual_server 10.x.x.VIP 25 {
    delay_loop 60
    lb_algo wrr
    lb_kind NAT
    persistence_timeout 3600
    persistence_granularity 255.255.240.0
    protocol TCP
    real_server 10.z.z.z 25 { #node 1
        weight 100
        SMTP_CHECK {
                connect_timeout 10
                retry 3
                delay_before_retry 1
        }
    }
    real_server 10.z.z.v 25 { #node 2
        weight 100
        SMTP_CHECK {
                connect_timeout 10
                retry 3
                delay_before_retry 1
        }
    }
}

-- 
Keepalived haven't LVS support
https://bugs.launchpad.net/bugs/496932
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keepalived in ubuntu.

More information about the Ubuntu-server-bugs mailing list