15 June 2013

As time goes, things may change. This it ture in time when it was written.

Overview

In out network we are using HA solution based on the keepalived and ipvsadm on both IPv4 and IPv6 networks.

Debian Squeeze

Debian Squeeze is shipped with keepalived in version 1.1.20. In the Debian Squeeze Backports there is version 1.2.2 which supports IPv6 healtcheckers. It works perfectly.

Debian Wheezy

As the Debian Wheeze was relased I decided to upgrade the servers. I did fresh install launch my ansible playbook. All stuff works perfectly. I got full provisioned server in few min. But then I found that I’ve got a problem ;(

What’s wrong with Wheezy?

### keepalived After upgrade to Debian the IPv6 healtcheckers stopped working. In the logs there was no reason what happend. The version is 1.2.2 the same as on backported version.

Problem Aftre using strace I found the problem

gettimeofday({1370947544, 221287}, NULL) = 0
socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 15
setsockopt(15, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
fcntl64(15, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0
bind(15, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 128) = -1 EAFNOSUPPORT (Address family not supported by protocol)

Solution Solution is 1 line patch, already in the upstream. But howto get this patch into debian package? There are several ways

  • try to push the debian maintener fix it
    There is offical Debian Bug 699540. I have tried this way, but without any success.
  • patch the packeage source and build your own
    This is my solution.
  • build newer version of the keepalived and do not use debain package

ipvsadm

Right after solving the problem with the keepalived I found another with ipvsadm utility.

Problem If you have more then one backend server for the destination there will will be showed only one if you run ipvsadm -Ln. If you list the /proc/net/ip_vs you will get the correct table.

Solution Of course this is also official bug with almost one line patch file.

In BTS there are two bugs, which seems to be related to this issue - #685495 ipvsadm not showing all server nodes - #706680 ipvsadm dosn’t display the virtual server table correct

In this case you have the first 2 possibilities to solve it. This bug still lives in the maintream code. In my case I also choosed the second one.

Conclusion

I love Debian distribution for it stability. This is my first choice for server deployment. But in this case I think, these bugs will not be removed from the BTS so early ;(

Few days ago i read “Updated Debian 7: 7.1 released” but these bug are still opened wihout any respond from the mainteners ;(