Re: NAT problem

To: Bill Michaelson <bill@xxxxxxxx>
Subject: Re: NAT problem
Cc: laurent@xxxxxxxxx, LVS Mailinglist <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Mon, 06 Dec 1999 23:58:09 +0800

Bill Michaelson wrote:
> 
> > > relayed to daisy as expected, BUT the packet is still identified as having
> > > a source of fred.  As I interpret the operation of NAT, the packet should
> > > have been modified to show a source of virtip, in order that replies from
> > > daisy are returned via the VS.
> >
> > No, it doesn't change the source of the packet, but it requires that
> > the default route of real servers must be set to the LVS box, so that
> > the response packets can be rewritten back in the VS-NAT mode. In your
> > configuration, the default route of daisy must be set to the LVS box.
> 
> Thanks for the reply.
> 
> Actually, this is the case - I did set the default route of daisy to the
> LVS box.  I just verified it.  In addition to this, the default route
> to daisy from fred is thru the LVS box, albeit on a different IP address.
> I'm not sure if that's relevant.
> 
> > BTW, changing the source of the packet to the virtip sounds good too,
> > it doesn't require that default route rule, but requires additional
> > code to handle it.
> 
> After I wrote the note, I realized this would have inconvenient implications
> on higher layers, disabling most tcpd (tcp wrapper) functionality, seriously
> reducing httpd log utility, etc.
> 
> Can you think of anything I can do to buzz this out further?
> 
> One other thing - about your choice of words - "response packets can
> be rewritten back in the VS-NAT mode" - I assume that you don't mean that
> daisy (the real server) is aware of VS-NAT mode. (?)  This box is running

No, I didn't mean that. I mean that in the VS-NAT mode, response
packets from your "daisy" box to the "fred" box must go through your
"virtip" box, so that the load balancer has a chance to rewrite the
source of the response packets back to the virtip.

Since you said that the default route of your "daisy" box was set to
the "virtip" box, it is good, but please check whether there is another
route by which "daisy" is directly connected to your "fred" box, which
will break the connection.

Wensong

> AIX 4.1 and knows nothing about it!
> 
> Regards,
> 
> Bill
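
The routing condition discussed in this message, as an added example that is not part of the original e-mail or of the LVS code: it traces one VS-NAT round trip and shows how a more specific, directly connected route on "daisy" overrides the default route, so the reply skips the LVS box and reaches "fred" with the wrong source address. All IP addresses, interface names and routing tables are constructed assumptions; the thread gives only the host names.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
FRED = "192.168.1.10"          # client
VIRTIP = "192.168.1.100"       # virtual IP on the LVS box
DIRECTOR_INSIDE = "10.0.0.1"   # LVS box address on daisy's network
DAISY = "10.0.0.2"             # real server

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway, iface) entries.
    A gateway of None means the destination is directly connected."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def source_seen_by_client(daisy_routes):
    """Return the source address fred sees on daisy's reply."""
    # Request: fred -> VIRTIP. VS-NAT rewrites only the destination,
    # so daisy sees the packet as coming from fred.
    request = {"src": FRED, "dst": DAISY}
    reply = {"src": request["dst"], "dst": request["src"]}
    gateway, _ = next_hop(daisy_routes, reply["dst"])
    if gateway == DIRECTOR_INSIDE:
        # Reply crosses the LVS box, which rewrites the source back.
        reply["src"] = VIRTIP
    return reply["src"]

def connection_works(daisy_routes):
    # fred opened the connection to VIRTIP; a reply from any other
    # source address does not belong to that connection.
    return source_seen_by_client(daisy_routes) == VIRTIP

# Constructed routing tables for daisy.
GOOD = [("10.0.0.0/24", None, "en0"), ("0.0.0.0/0", DIRECTOR_INSIDE, "en0")]
# Same default route, plus a second interface on fred's network.
BROKEN = GOOD + [("192.168.1.0/24", None, "en1")]

if __name__ == "__main__":
    for name, table in (("good", GOOD), ("broken", BROKEN)):
        print(name, next_hop(table, FRED), source_seen_by_client(table),
              "ok" if connection_works(table) else "connection breaks")
```
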
