Chinaunix
Title:
Help needed with a SYN_RECV problem in LVS DR mode!
Author:
lonelysoul011
Time:
2013-10-24 21:57
This post was last edited by lonelysoul011 on 2013-10-24 22:20
LVS status:
ipvsadm -lnc
IPVS connection entries
pro expire state source virtual destination
TCP 00:58 SYN_RECV 111.90.178.66:57244 172.28.29.130:80 172.28.29.153:80
TCP 00:58 SYN_RECV 111.90.178.66:57242 172.28.29.130:80 172.28.29.153:80
IP 09:49 NONE 111.90.178.66:0 0.0.0.10:0 172.28.29.153:0
ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.28.29.130:443 wlc persistent 600
-> 172.28.29.153:443 Route 5 0 0
TCP 172.28.29.130:80 wlc persistent 600
-> 172.28.29.153:80 Route 5 0 0
FWM 10 wlc persistent 600
-> 172.28.29.153:0 Route 5 0 2
realserver status:
netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 172.28.29.130:80 111.90.178.66:4723 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4731 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4734 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4724 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4736 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4726 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4733 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4728 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4729 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4735 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4730 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4732 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4725 SYN_RECV
tcp 0 0 172.28.29.130:80 111.90.178.66:4727 SYN_RECV
tcp 0 0 172.28.29.153:8022 172.28.29.150:48520 ESTABLISHED
tcp 0 0 172.28.29.153:8022 172.28.29.150:49391 ESTABLISHED
The LVS and the realserver have the same routes, and SELinux is disabled on both.
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.28.29.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.28.29.254 0.0.0.0 UG 0 0 0 eth0
LVS firewall status; the realserver has no firewall enabled.
iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK tcp -- anywhere 172.28.29.130 tcp dpt:http MARK set 0xa
MARK tcp -- anywhere 172.28.29.130 tcp dpt:https MARK set 0xa
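From within the same server room, access through the VIP works normally using the internal network address.
Could you all help me figure this out? Thanks!
Author: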
wenhq
Time:
2013-10-24 22:00
Not receiving the ACK from the TCP client? Could it be ARP spoofing?
Author:
lonelysoul011
Time:
2013-10-24 22:20
From within the same server room, access through the VIP works normally using the internal network address.
Author:
wenhq
Time:
2013-10-24 22:24
Check for a network problem.
Author:
lonelysoul011
Time:
2013-10-31 22:10
Thanks for your replies, everyone. I'll swap out the network device and see!