iptable CLUSTERIP won't work

Posted by Rad Akefirad on Server Fault See other posts from Server Fault or by Rad Akefirad
Published on 2014-08-22T04:16:47Z Indexed on 2014/08/22 4:21 UTC
Read the original article Hit count: 566

Filed under:
|
|
|
|

We have some requirements which explained here. We tried to satisfy them without any success as described. Here is the brief information:

Here are requirements: 1. High Availability 2. Load Balancing

Current Configuration: Server #1: one static (real) IP for each 10.17.243.11 Server #2: one static (real) IP for each 10.17.243.12 Cluster (virtual and shared among all servers) IP: 10.17.243.15

I tried to use CLUSTERIP to have the cluster IP by the following:

on the server #1
iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 1

on the server #2  
iptables -I INPUT -i eth0 -d 10.17.243.15 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:5E:00:00:20 --total-nodes 2 --local-node 2  

When we try to ping 10.17.243.15 there is no reply. And the web service (tomcat on port 8080) is not accessible either. However we managed to get the packets on both servers by using TCPDUMP.

Some useful information:
iptable roules (iptables -L -n -v):

Chain INPUT (policy ACCEPT 21775 packets, 1470K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CLUSTERIP  all  --  eth0   *       0.0.0.0/0            10.17.243.15         CLUSTERIP hashmode=sourceip clustermac=01:00:5E:00:00:20 total_nodes=2 local_node=1 hash_init=0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 14078 packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination

Log messages:

... kernel: [    7.329017] e1000e: eth3 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
... kernel: [    7.329133] e1000e 0000:05:00.0: eth3: 10/100 speed: disabling TSO
... kernel: [    7.329567] ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
... kernel: [   71.333285] ip_tables: (C) 2000-2006 Netfilter Core Team
... kernel: [   71.341804] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
... kernel: [   71.343168] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
... kernel: [  108.456043] device eth0 entered promiscuous mode
... kernel: [  112.678859] device eth0 left promiscuous mode
... kernel: [  117.916050] device eth0 entered promiscuous mode
... kernel: [  140.168848] device eth0 left promiscuous mode

TCPDUMP while pinging:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:11:55.335528 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 >     10.17.243.15: ICMP echo request, id 16162, seq 2390, length 64
12:11:56.335778 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 >     10.17.243.15: ICMP echo request, id 16162, seq 2391, length 64
12:11:57.336010 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 >     10.17.243.15: ICMP echo request, id 16162, seq 2392, length 64
12:11:58.336287 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.17.243.1 >     10.17.243.15: ICMP echo request, id 16162, seq 2393, length 64

And there is no ping reply as I said. Does anyone know which part I missed?
Thanks in advance.

© Server Fault or respective owner

Related posts about linux

Related posts about iptables