realpdm/IPVS Director Settings Secret

## IPVS Director Settings
ipvsadm -Sn (keepalived sets these up)
-A -t 10.64.96.10:80 -s sh -p 60
-a -t 10.64.96.10:80 -r 10.65.74.72:80 -i -w 1
-A -t 10.64.96.10:443 -s sh -p 60
-a -t 10.64.96.10:443 -r 10.65.74.72:443 -i -w 1

Interface:  VIP address ison lo interface so ExaBGP can advertise it
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 10.64.96.10/32 brd 10.64.96.10 scope global lo:540o0a

## OS Info
Linux adc-ipvs-lb2001 2.6.32-504.30.3.el6.x86_64 #1 SMP Tue Jul 14 11:18:03 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux

 /sbin/modinfo ip_vs
filename:       /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs.ko
license:        GPL
srcversion:     6C3CC9C055045FA0ECA1774
depends:        ipv6,libcrc32c
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions
parm:           conn_tab_bits:Set connections' hash size (int)

/sbin/modinfo ip_vs_sh
filename:       /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs_sh.ko
license:        GPL
srcversion:     2EAF6C9DD83264246DBA82C
depends:        ip_vs
vermagic:       2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions


ipvsadm-1.26-4.el6.x86_64

## Real Server Settings
ysctl:
net.ipv4.conf.tunl0.rp_filter = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1

Interface:
8: tunl0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.64.96.10/32 brd 10.64.96.10 scope global tunl0:540o0a

## tcpdump on IPVS Director node
10.240.8.72 client running curl
10.64.96.10 VIP address advertised with ExaBGP
10.65.74.72 Realserver

17:09:40.750074 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [S], seq 573101480, win 14600, options [mss 1460,sackOK,TS val 592982504 ecr 0,nop,wscale 7], length 0
17:09:40.750111 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [S], seq 573101480, win 14600, options [mss 1460,sackOK,TS val 592982504 ecr 0,nop,wscale 7], length 0 (ipip-proto-4)
17:09:40.750780 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 4261714231, win 115, options [nop,nop,TS val 592982504 ecr 2501301549], length 0
17:09:40.750796 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1, win 115, options [nop,nop,TS val 592982504 ecr 2501301549], length 0 (ipip-proto-4)
17:09:40.819644 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 0:77, ack 1, win 115, options [nop,nop,TS val 592982573 ecr 2501301549], length 77
17:09:40.819659 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 0:77, ack 1, win 115, options [nop,nop,TS val 592982573 ecr 2501301549], length 77 (ipip-proto-4)
17:09:40.820663 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1449, win 137, options [nop,nop,TS val 592982574 ecr 2501301618], length 0
17:09:40.820678 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1449, win 137, options [nop,nop,TS val 592982574 ecr 2501301618], length 0 (ipip-proto-4)
17:09:40.820704 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 3580, win 160, options [nop,nop,TS val 592982574 ecr 2501301618], length 0
17:09:40.820705 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 3580, win 160, options [nop,nop,TS val 592982574 ecr 2501301618], length 0 (ipip-proto-4)
17:09:40.823431 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592982577 ecr 2501301618], length 326
17:09:41.023949 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592982778 ecr 2501301618], length 326
17:09:41.425929 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592983180 ecr 2501301618], length 326
17:09:42.229955 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592983984 ecr 2501301618], length 326
17:09:43.837943 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592985592 ecr 2501301618], length 326
17:09:46.017707 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [F.], seq 403, ack 3580, win 160, options [nop,nop,TS val 592987771 ecr 2501301618], length 0
17:09:46.017723 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [F.], seq 403, ack 3580, win 160, options [nop,nop,TS val 592987771 ecr 2501301618], length 0 (ipip-proto-4)
17:09:47.053924 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592988808 ecr 2501306816], length 326
	ipvsadm -Sn (keepalived sets these up)
	-A -t 10.64.96.10:80 -s sh -p 60
	-a -t 10.64.96.10:80 -r 10.65.74.72:80 -i -w 1
	-A -t 10.64.96.10:443 -s sh -p 60
	-a -t 10.64.96.10:443 -r 10.65.74.72:443 -i -w 1

	Interface: VIP address ison lo interface so ExaBGP can advertise it
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
	inet 10.64.96.10/32 brd 10.64.96.10 scope global lo:540o0a
	Linux adc-ipvs-lb2001 2.6.32-504.30.3.el6.x86_64 #1 SMP Tue Jul 14 11:18:03 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux

	/sbin/modinfo ip_vs
	filename: /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs.ko
	license: GPL
	srcversion: 6C3CC9C055045FA0ECA1774
	depends: ipv6,libcrc32c
	vermagic: 2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions
	parm: conn_tab_bits:Set connections' hash size (int)

	/sbin/modinfo ip_vs_sh
	filename: /lib/modules/2.6.32-504.30.3.el6.x86_64/kernel/net/netfilter/ipvs/ip_vs_sh.ko
	license: GPL
	srcversion: 2EAF6C9DD83264246DBA82C
	depends: ip_vs
	vermagic: 2.6.32-504.30.3.el6.x86_64 SMP mod_unload modversions



	ipvsadm-1.26-4.el6.x86_64
	ysctl:
	net.ipv4.conf.tunl0.rp_filter = 2
	net.ipv4.conf.all.arp_announce = 2
	net.ipv4.conf.all.arp_ignore = 1

	Interface:
	8: tunl0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
	link/ipip 0.0.0.0 brd 0.0.0.0
	inet 10.64.96.10/32 brd 10.64.96.10 scope global tunl0:540o0a
	10.240.8.72 client running curl
	10.64.96.10 VIP address advertised with ExaBGP
	10.65.74.72 Realserver

	17:09:40.750074 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [S], seq 573101480, win 14600, options [mss 1460,sackOK,TS val 592982504 ecr 0,nop,wscale 7], length 0
	17:09:40.750111 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [S], seq 573101480, win 14600, options [mss 1460,sackOK,TS val 592982504 ecr 0,nop,wscale 7], length 0 (ipip-proto-4)
	17:09:40.750780 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 4261714231, win 115, options [nop,nop,TS val 592982504 ecr 2501301549], length 0
	17:09:40.750796 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1, win 115, options [nop,nop,TS val 592982504 ecr 2501301549], length 0 (ipip-proto-4)
	17:09:40.819644 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 0:77, ack 1, win 115, options [nop,nop,TS val 592982573 ecr 2501301549], length 77
	17:09:40.819659 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 0:77, ack 1, win 115, options [nop,nop,TS val 592982573 ecr 2501301549], length 77 (ipip-proto-4)
	17:09:40.820663 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1449, win 137, options [nop,nop,TS val 592982574 ecr 2501301618], length 0
	17:09:40.820678 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 1449, win 137, options [nop,nop,TS val 592982574 ecr 2501301618], length 0 (ipip-proto-4)
	17:09:40.820704 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 3580, win 160, options [nop,nop,TS val 592982574 ecr 2501301618], length 0
	17:09:40.820705 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [.], ack 3580, win 160, options [nop,nop,TS val 592982574 ecr 2501301618], length 0 (ipip-proto-4)
	17:09:40.823431 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592982577 ecr 2501301618], length 326
	17:09:41.023949 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592982778 ecr 2501301618], length 326
	17:09:41.425929 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592983180 ecr 2501301618], length 326
	17:09:42.229955 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592983984 ecr 2501301618], length 326
	17:09:43.837943 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592985592 ecr 2501301618], length 326
	17:09:46.017707 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [F.], seq 403, ack 3580, win 160, options [nop,nop,TS val 592987771 ecr 2501301618], length 0
	17:09:46.017723 IP 10.65.74.77 > 10.65.74.72: IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [F.], seq 403, ack 3580, win 160, options [nop,nop,TS val 592987771 ecr 2501301618], length 0 (ipip-proto-4)
	17:09:47.053924 IP 10.240.8.72.60642 > 10.64.96.10.443: Flags [P.], seq 77:403, ack 3580, win 160, options [nop,nop,TS val 592988808 ecr 2501306816], length 326