Re: [lvs-users] internal network behind direct routing instead of nat.

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] internal network behind direct routing instead of nat.
From: Horms <horms@xxxxxxxxxxxx>
Date: Thu, 20 Jan 2000 09:34:17 -0800

On Thu, Jan 20, 2000 at 10:51:42AM -0500, tc lewis wrote:
> director:      199.199.199.2 (eth0?) and 199.168.199.4 (eth1?) (shrug)
> vip:           199.199.199.3
> real server 1: 199.168.199.2 (whatever)
> real server 2: 199.168.199.3 (whatever)
> subnetting:    normal class C, /24 block, netmask 255.255.255.0 (for both networks)
> router:        199.199.199.1, no special firewall action going on, etc.
> internal network's gateway: 199.168.199.1 (ethX?) and 199.199.199.4 (ethY?) (shrug)
> 
> the director would be set up with ipvsadm -g commands for direct routing,
> and the gateway on the real servers would be configured as that "internal
> network's gateway", 199.168.199.1, which would presumably be set up as a
> [linux] machine to forward packets from 199.168.199/24 back out to the
> real world (via masquerading?).
> 
> would this work?  what kind of problems would be involved?  any thoughts
> on the matter or suggestions would be greatly appreciated, as always.

The problem is that with Direct routing the reply from the real
server has the vip as the source address. As this is an address
of one of the interfaces on the director it will drop it if you
try and forward it through the director. It appears from
experimentation week with /proc/sys/net/ipv4/conf/*/rp_filter
that at least on 2.2.14, there is no way to turn this behaviour
off.

-- 
Horms
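
A pre-flight check for the behaviour described in the message above, as an added example that is not part of the original post or of LVS: it reports whether the VIP is a local address on the host meant to forward real-server replies, and lists that host's rp_filter values. The function names and the sample `ip -o -4 addr show` listing are constructed for illustration, using the addresses from the quoted question.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `ip -o -4 addr show` output for the director in the
# quoted question: two interface addresses plus the VIP.
SAMPLE_LISTING='2: eth0    inet 199.199.199.2/24 brd 199.199.199.255 scope global eth0
2: eth0    inet 199.199.199.3/32 scope global eth0:0
3: eth1    inet 199.168.199.4/24 brd 199.168.199.255 scope global eth1'

# local_addrs: read `ip -o -4 addr show` style lines on stdin and print one
# bare IPv4 address per line (field 4 is "addr/prefix").
local_addrs() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# vip_is_local VIP: succeed if VIP exactly matches a line on stdin.
vip_is_local() {
    grep -Fxq -- "$1"
}

# rp_filter_report CONF_DIR: print "iface=value" for each rp_filter file
# under CONF_DIR (on a live host: /proc/sys/net/ipv4/conf).
rp_filter_report() {
    for f in "$1"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=${f%/rp_filter}
        iface=${iface##*/}
        printf '%s=%s\n' "$iface" "$(cat "$f")"
    done
}

# check_forwarder VIP CONF_DIR: address listing on stdin. Returns 1 when the
# VIP is local, i.e. the case the message says is dropped when forwarded.
check_forwarder() {
    vip=$1
    conf=$2
    if local_addrs | vip_is_local "$vip"; then
        echo "DROP-RISK: $vip is a local address on this host"
        rp_filter_report "$conf"
        return 1
    fi
    echo "OK: $vip is not a local address on this host"
}

# Stand-alone run against the constructed listing.
printf '%s\n' "$SAMPLE_LISTING" |
    check_forwarder 199.199.199.3 /proc/sys/net/ipv4/conf || true
```

On a live host, pipe the real listing in: `ip -o -4 addr show | check_forwarder <vip> /proc/sys/net/ipv4/conf`.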