From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alex Samad - Yieldbroker <Alex.Samad@yieldbroker.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: help with cluster and/or clusterip
Date: Wed, 26 Dec 2012 23:51:16 +0100 [thread overview]
Message-ID: <20121226225116.GB32453@1984> (raw)
In-Reply-To: <A3FB5D9FD28C50429DF7692DC31054E604BA741B@DC1INTADCW8201.yieldbroker.com>
Hi,
On Tue, Dec 18, 2012 at 04:30:17AM +0000, Alex Samad - Yieldbroker wrote:
[...]
> I am sticking with clusterip... until somebody show / explains why
> cluster module is better ....
The cluster match is more generic. You cannot use CLUSTERIP for
load-sharing setups in gateways, only in backend nodes.
> My default gateway had the wrong mac associated with the ip address,
> I had the VIP assigned to the nic before I had the CLUSTERIP
> iptables line. So arp request where being answered with the mac of
> the nic not the maddr ! so I cleared the switched arp table for that
> entry and now I am getting packets to both machines.
>
> And tcpdump sees all the inbound packets. The line in iptables
> consumes the packet if it fails ie not for this machine. The
> interesting thing is seeing all the reply packets from the test
> machine go to second node ( the one that is not handling the link
> ... oh well)
>
> Now when I try to make a https connection so
>
> Client -> router -> cluster vlan
>
> I can see the tree way hand shake syn, syn/ack, ack. Well from the client side
>
> But on the server side I have this
> tcp 0 0 10.32.21.30:10001 10.172.207.133:60123 SYN_RECV
>
> tcpdump has the ack ... but some reason it's not making it up the stack
Not sure I got it. But if you're using CLUSTERIP in the router, it
will not work.
Regards.
next prev parent reply other threads:[~2012-12-26 22:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-18 4:30 help with cluster and/or clusterip Alex Samad - Yieldbroker
2012-12-26 22:51 ` Pablo Neira Ayuso [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-12-18 1:59 Alex Samad - Yieldbroker
2012-12-18 0:40 Alex Samad - Yieldbroker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121226225116.GB32453@1984 \
--to=pablo@netfilter.org \
--cc=Alex.Samad@yieldbroker.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).