Re: Direct Routing and Real IPs

To: "Lvs-Users (E-mail)" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Direct Routing and Real IPs
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 20 Jun 2000 19:11:36 -0700
On Wed, Jun 14, 2000 at 04:59:07PM -0400, tc lewis wrote:
> > >>  1. Is it possible to use DR without having to have each webserver
> > >> use a uniqe real IP address.  Basically I have a DMZ with a limeted
> > number
> > >> of IP addresses and I will need most of them for VIPs.
> > >
> > > Technically yes, though the Real servers will not be able to intiate
> > > connections to the outside world if they are sitting on RFC 1918
> > addresses.
> > > But they should be able to reply to LVSed traffic as the source
> > > address apply will be set to the VIP.
> > 
> >     OK, I tried this but when I have eth0 = 192.168.x.x and lo:1 =
> > 216.94.x.110 on the RSs the system wont let me set a default route of
> > 216.94.x.97 which would be the default route for the VIP. I get a "network
> > not accessable" error.  I got around this with "route add -net 216.94.x.96
> > netmask eth0"  I can then add the proper default route but
> > it still does not work, I am wondering if using tunneling would solve my
> > problems.  I think I am going to try that next.
> correct me if i'm wrong, but i don't think you'd need your "real" ip's
> (vip) route on the real server.  the real server simply needs a gateway to
> the internet.  192.168.whatever.1 could be a box with ip forwarding
> enabled, or any other method to give that box an outgoing gateway.  the gw
> machine might need to allow packet forwarding from the vip instead of just
> from the real server's ip.

That is true, unless you are using NAT in which case the return
path must pass through the LVS host.


<Prev in Thread] Current Thread [Next in Thread>