iptables CLUSTERIP won't work
Posted by Rad Akefirad on Server Fault
Published on 2014-08-22T04:16:47Z
Indexed on 2014/08/22 4:21 UTC
We have some requirements, which are explained here. We tried to satisfy them without any success, as described. Here is the brief information:

Here are the requirements:
1. High Availability
2. Load Balancing

Current Configuration:
Server #1: one static (real) IP for each: 10.17.243.11
Server #2: one static (real) IP for each: 10.17.243.12
Cluster (virtual and shared among all servers) IP: 10.17.243.15
I tried to use CLUSTERIP to have the cluster IP by the following:
on the server #1
iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 1
on the server #2
iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 2
When we try to ping 10.17.243.15 there is no reply, and the web service (Tomcat on port 8080) is not accessible either. However, we managed to get the packets on both servers by using TCPDUMP.
Some useful information:
iptables rules (iptables -L -n -v):
Chain INPUT (policy ACCEPT 21775 packets, 1470K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CLUSTERIP  all  --  eth0   *       0.0.0.0/0            10.17.243.15        CLUSTERIP hashmode=sourceip clustermac=01:00:5E:00:00:20 total_nodes=2 local_node=1 hash_init=0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 14078 packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination
Log messages:
... kernel: [ 7.329017] e1000e: eth3 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
... kernel: [ 7.329133] e1000e 0000:05:00.0: eth3: 10/100 speed: disabling TSO
... kernel: [ 7.329567] ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
... kernel: [ 71.333285] ip_tables: (C) 2000-2006 Netfilter Core Team
... kernel: [ 71.341804] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
... kernel: [ 71.343168] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
... kernel: [ 108.456043] device eth0 entered promiscuous mode
... kernel: [ 112.678859] device eth0 left promiscuous mode
... kernel: [ 117.916050] device eth0 entered promiscuous mode
... kernel: [ 140.168848] device eth0 left promiscuous mode
TCPDUMP while pinging:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:11:55.335528 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2390, length 64
12:11:56.335778 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2391, length 64
12:11:57.336010 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2392, length 64
12:11:58.336287 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 > 10.17.243.15: ICMP echo request, id 16162, seq 2393, length 64
And there is no ping reply as I said. Does anyone know which part I missed?
Thanks in advance.
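
An offline check for the symptom in the listing above (the CLUSTERIP rule's counters stay at 0 while tcpdump sees the echo requests), added here as an example and not part of the original post. It relies on the fact that the INPUT chain is traversed only by packets addressed to an IP configured on the host, so the rule can match only once 10.17.243.15 is assigned to eth0 on every node. The `ip -o -4 addr show` listings, the /24 prefix and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: check a CLUSTERIP setup from captured command output.

# Rule line copied from the question's `iptables -L -n -v` listing.
RULES='Chain INPUT (policy ACCEPT 21775 packets, 1470K bytes)
 pkts bytes target prot opt in out source destination
    0     0 CLUSTERIP all -- eth0 * 0.0.0.0/0 10.17.243.15 CLUSTERIP hashmode=sourceip clustermac=01:00:5E:00:00:20 total_nodes=2 local_node=1 hash_init=0'

# Constructed `ip -o -4 addr show` output for server #1 (assumed: only the real IP is set).
ADDRS_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.17.243.11/24 brd 10.17.243.255 scope global eth0'
# Constructed output after `ip addr add 10.17.243.15/24 dev eth0` (prefix length assumed).
ADDRS_AFTER="$ADDRS_BEFORE
2: eth0    inet 10.17.243.15/24 scope global secondary eth0"

# Print "pkts iface vip" for every CLUSTERIP rule in a -L -n -v listing ($1).
clusterip_rules() {
    printf '%s\n' "$1" | awk '$3 == "CLUSTERIP" { print $1, $6, $9 }'
}

# Succeed if address $3 is assigned to interface $2 in the address listing $1.
vip_is_local() {
    printf '%s\n' "$1" | awk -v dev="$2" -v vip="$3" '
        $3 == "inet" { split($4, a, "/"); if ($2 == dev && a[1] == vip) found = 1 }
        END { exit !found }'
}

# One line per rule: the cluster IP, its packet counter, and whether it is local.
diagnose() {
    clusterip_rules "$1" | while read -r pkts dev vip; do
        if vip_is_local "$2" "$dev" "$vip"; then
            state="local"
        else
            state="NOT-LOCAL"   # traffic for this IP never reaches the INPUT chain
        fi
        echo "$vip dev=$dev pkts=$pkts $state"
    done
}

diagnose "$RULES" "$ADDRS_BEFORE"
diagnose "$RULES" "$ADDRS_AFTER"
```

On a live node, pass the real output instead: `diagnose "$(iptables -L INPUT -n -v)" "$(ip -o -4 addr show)"`.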