
Re: Port 0 not support non-persistent

To: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Port 0 not support non-persistent
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 13 Jun 2000 12:54:38 -0700
On Tue, Jun 13, 2000 at 03:36:52PM -0400, Thomas A. Morris wrote:
> 
> Horms wrote:
> 
> >
> >
> > If you want to have a virtual service listening on all ports for a given IP
> > address or set of IP addresses then you would be best to look at using the
> > fwmark support. This will work for persistent and non-persistent services
> > and forward the connection to the same port on the selected real server
> > that the packet was received on.
> >
> > You should get the latest IPVS (and ipvsadm) if you are going to use
> > fwmark and multiple ports with masquerading as there was a bugfix
> > in between 0.9.12 and 0.9.13.
> >
> > --
> > Horms
> >
> 
> Could someone provide pointers to examples of how to set up fwmark support?
> Specifically, an example of the ipchains and ipvsadm options?

I believe that the HOWTO is in the process of being updated, but in the
meantime I have some documentation on using the fwmark in conjunction
with Ultra Monkey - http://ultramonkey.sourceforge.net/ .

Examining
http://ultramonkey.sourceforge.net/ultramonkey-1.0.1/topologies/example-lb-3-fwmark.html

This uses ldirectord to issue the ipvsadm commands.
The output of ipvsadm -L -n follows:

ipvsadm -L -n
IP Virtual Server version 0.9.11 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
FWM  1 rr
  -> 192.168.6.3:80              Masq    1      0          0         
  -> 192.168.6.2:80              Masq    1      0          0       

This means that any packets matching firewall-mark 1 will be load balanced
between 192.168.6.3 and 192.168.6.2, which are masqueraded. Note: in more LVS
0.9.13 specifying the port for real servers when using fwmark is not
necessary as the source port will be used, even for masqueraded services.

The ipvsadm commands to do this without ldirectord would be

ipvsadm -A -f 1 -s rr
ipvsadm -a -f 1 -r 192.168.6.3:80 -m
ipvsadm -a -f 1 -r 192.168.6.2:80 -m


Details on setting up the ipchains rules and the required non-arping
loopback device are given on the web page referenced above, but _very_
briefly what you need to do is:

ipchains -A forward -j MASQ -s 192.168.6.0/24     #it is a masq service
ipchains -A input -d 192.168.0.0/24 -m 1

ifconfig lo:0 192.168.0.0 netmask 255.255.255.0 mtu 1500
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/lo/hidden


-- 
Horms
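
Added example, not part of the original message or of the LVS code: a shell function that cross-checks the marks set by ipchains rules against the fwmark services in a saved `ipvsadm -L -n` listing, so a mark with no matching virtual service (or a service with no real servers) is noticed. The function name fwmark_audit, the file names, and marks 2 and 3 with 192.168.1.0/24 in the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check ipchains marks against IPVS fwmark services.
# fwmark_audit LISTING RULES
#   LISTING: saved output of `ipvsadm -L -n`
#   RULES:   file of ipchains commands, one per line
fwmark_audit() {
    awk '
        FNR == NR {                       # first file: ipvsadm listing
            if ($1 == "FWM") { cur = $2; svc[cur] = 1 }
            else if ($1 == "TCP" || $1 == "UDP") cur = ""
            else if ($1 == "->" && $2 ~ /^[0-9]/ && cur != "") n[cur]++
            next
        }
        { sub(/#.*/, "") }                # second file: drop shell comments
        $1 == "ipchains" {                # -m <value> marks matching packets
            for (i = 2; i < NF; i++) if ($i == "-m") marked[$(i + 1)] = 1
        }
        END {
            for (m in marked)
                if (!(m in svc)) print "mark " m ": set by ipchains, no IPVS service"
            for (m in svc) {
                if (!(m in marked)) print "mark " m ": IPVS service, never marked"
                else if (n[m] == 0) print "mark " m ": no real servers"
                else print "mark " m ": ok, " n[m] " real servers"
            }
        }' "$1" "$2" | sort
}

# Constructed sample data, modelled on the listing and rules in the message.
demo=$(mktemp -d)
cat > "$demo/ipvs.txt" <<'EOF'
IP Virtual Server version 0.9.11 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
FWM  1 rr
  -> 192.168.6.3:80              Masq    1      0          0
  -> 192.168.6.2:80              Masq    1      0          0
FWM  2 rr
EOF
cat > "$demo/rules.txt" <<'EOF'
ipchains -A forward -j MASQ -s 192.168.6.0/24     #it is a masq service
ipchains -A input -d 192.168.0.0/24 -m 1
ipchains -A input -d 192.168.1.0/24 -m 3
EOF
fwmark_audit "$demo/ipvs.txt" "$demo/rules.txt"
```

The function expects a non-empty listing as its first argument; the sample files are left in the temporary directory named by $demo.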

