LVS-tun with OpenVZ [message #51329]
Mon, 14 April 2014 17:52
Registered: April 2014
Hello! Please give me some tips or a solution for this problem:
I am trying to build an LVS balancer with a single (separate) LVS machine and 2 OpenVZ containers (each on a separate node).
The LVS mode is Tun (NAT is working fine, but I think tun is much better).
Virtual Address for LVS = 10.0.0.10
IP_Real_Server1 = 10.0.0.100
IP_Real_Server2 = 10.0.0.101
Client IP = 10.0.0.200
In the containers I added a special device for tun traffic:
ip addr add dev tunl0 10.0.0.10/32 brd 10.0.0.10
The other interfaces are lo and venet0.
Like this: ustintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html
So, when I try to reach my 10.0.0.10, my network path looks like this:
Requests go to the VIP on the LVS, are encapsulated into packets addressed to IP_Real_Server, go to the real servers, tunl0 gets the packet, opens it, makes a reply, and that is all...
I can see incoming packets on tunl0 in the container, and I can see outgoing packets on the venet0 interface INSIDE the container, but on venet0 on the node there is nothing...
So tcpdump in the container shows me this:
tcpdump -i venet0 host 10.0.0.200
0:38:48.795082 IP 10.0.0.10.http > 10.0.0.200.45003: Flags [R.], seq 0, ack 101263465, win 0, length 0
20:38:49.390828 IP 10.0.0.10.http > 10.0.0.200.45362: Flags [R.], seq 0, ack 914500130, win 0, length 0
Is it realistic to set up LVS-tun in OpenVZ?
It looks like venet0 can't work with traffic from an unknown source, or what?
Please give me a tip.
Inside the container I set these parameters:
For all interfaces, /proc/sys/net/ipv4/conf/*/rp_filter is set to 0
My kernel version is 2.6.32-042stab085.17 and the distro is CentOS 6.5.
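
Added example, not part of the original post: a shell check of the rp_filter setting described above. The kernel's ip-sysctl documentation states that the larger of conf/all/rp_filter and conf/<interface>/rp_filter is the value applied on an interface, so the script reports that effective value; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Report the effective reverse-path filter (anti-spoofing) value per interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).

# effective_rp_filter CONF_ROOT IFACE -> prints 0 (off), 1 (strict) or 2 (loose)
effective_rp_filter() {
    root=$1
    iface=$2
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$root/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# report_rp_filter CONF_ROOT -> one "iface value" line per real interface
report_rp_filter() {
    root=$1
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces
        case $iface in all|default) continue ;; esac
        printf '%s %s\n' "$iface" "$(effective_rp_filter "$root" "$iface")"
    done
}

# count_filtered CONF_ROOT -> number of interfaces where filtering is still on
count_filtered() {
    report_rp_filter "$1" | awk '$2 != 0 { n++ } END { print n + 0 }'
}

# Constructed sample tree (not taken from the post): every interface is set
# to 0 but conf/all is left at 1, so filtering stays active everywhere.
demo=$(mktemp -d)
for i in all default lo venet0 tunl0; do
    mkdir -p "$demo/$i"
    echo 0 > "$demo/$i/rp_filter"
done
echo 1 > "$demo/all/rp_filter"

report_rp_filter "$demo"   # on a real host pass /proc/sys/net/ipv4/conf
```

The check is worth running both inside the container and on the hardware node, since each has its own conf tree.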