WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] dom0 with ipvsadm to domU masquerade strange behavior

from [Michael Lang] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] dom0 with ipvsadm to domU masquerade strange behavior
From: Michael Lang <michi+xen@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 02 Oct 2006 11:59:44 +0200
Delivery-date: Mon, 02 Oct 2006 03:05:14 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

i've encountered a strange behavior of Xen 3.0.2 with dom0 setup to use
ipvsadm to masquerade a Service to it's domU same machine. 

reproduce able with:
(example service sendmail)

setup in dom0:

        $ ipvsadm -A -t ${externalip}:25 -s wrr
        $ ipvsadm -a -t ${externalip}:25 -r ${internalip}:25 -m -w 1

trying to connect from outside looks like:

        $ telnet ${externalip} 25
        Trying ${externalip}...
        Connected to ${externalreversefqdn} (${externalip}).
        Escape character is '^]'.
        ^]quit  

after getting "Escape character is '^]'." no response string shows up.
doing a tcpdump, i can see the packet arrives but immediately a TCP
Recent shows up. I've tested this with two different Machines (dom0) and
the strangest thing i noticed that using a different machine for Service
than domU works fine (so that domU isnt located on the same machine as
dom0). Any suggestion how to fix this ? 

kind regards 
Michael Lang

tcpdump:

# tcpdump -nnNi any port 25
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
bytes
11:56:03.901541 IP ${remoteip}.45156 > ${dom0serviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.901734 IP ${remoteip}.45156 > ${domUserviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.901760 IP ${remoteip}.45156 > ${domUserviceip}.25: S
3500878808:3500878808(0) win 5840 <mss 1460,sackOK,timestamp 297651832
0,nop,wscale 2>
11:56:03.903417 IP ${domUserviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.903417 IP ${domUserviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.903491 IP ${dom0serviceip}.25 > ${remoteip}.45156: S
646178341:646178341(0) ack 3500878809 win 5792 <mss
1460,sackOK,timestamp 216071861 297651832,nop,wscale 2>
11:56:03.905582 IP ${remoteip}.45156 > ${dom0serviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.905630 IP ${remoteip}.45156 > ${domUserviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.905638 IP ${remoteip}.45156 > ${domUserviceip}.25: . ack 1 win
1460 <nop,nop,timestamp 297651836 216071861>
11:56:03.935918 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836>
11:56:03.935918 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836>
11:56:03.936050 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071864 297651836> 11:56:04.137015
IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94) ack 1 win 1448
<nop,nop,timestamp 216071885 297651836>
11:56:04.137015 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071885 297651836> 11:56:04.137173
IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94) ack 1 win 1448
<nop,nop,timestamp 216071885 297651836>
11:56:04.556866 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836> 
11:56:04.556866 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836>
11:56:04.556984 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216071927 297651836>
11:56:05.397267 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.397267 IP ${domUserviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.397320 IP ${dom0serviceip}.25 > ${remoteip}.45156: P 1:95(94)
ack 1 win 1448 <nop,nop,timestamp 216072011 297651836>
11:56:05.958753 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297653890 216071861>
11:56:05.958808 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297653890 216071861>
11:56:06.162455 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654094 216071861>
11:56:06.162528 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654094 216071861>
11:56:06.570379 IP ${remoteip}.45156 > ${dom0serviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654502 216071861>
11:56:06.570442 IP ${remoteip}.45156 > ${domUserviceip}.25: F 1:1(0) ack
1 win 1460 <nop,nop,timestamp 297654502 216071861>


-- 
Michael Lang <michi+xen@xxxxxxxxxxxxxxxxxxxx>


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] netif_release_rx_bufs: 18 xfer, 46 noxfer, 192 unused, Julian Hagenauer
Next by Date:  [Xen-users] Small fix for xenoprof problem. xenoprof: Initialization failed. Intel processor model 15 for P6 class family is not supported, Wong Louis
Previous by Thread:  [Xen-users] netif_release_rx_bufs: 18 xfer, 46 noxfer, 192 unused, Julian Hagenauer
Next by Thread:  Re: [Xen-users] dom0 with ipvsadm to domU masquerade strange behavior, Michael Lang
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy