On Wed, Jun 14, 2000 at 04:59:07PM -0400, tc lewis wrote:
> > >> 1. Is it possible to use DR without having to have each webserver
> > >> use a uniqe real IP address. Basically I have a DMZ with a limeted
> > number
> > >> of IP addresses and I will need most of them for VIPs.
> > >
> > > Technically yes, though the Real servers will not be able to intiate
> > > connections to the outside world if they are sitting on RFC 1918
> > addresses.
> > > But they should be able to reply to LVSed traffic as the source
> > > address apply will be set to the VIP.
> > OK, I tried this but when I have eth0 = 192.168.x.x and lo:1 =
> > 216.94.x.110 on the RSs the system wont let me set a default route of
> > 216.94.x.97 which would be the default route for the VIP. I get a "network
> > not accessable" error. I got around this with "route add -net 216.94.x.96
> > netmask 255.255.255.224 eth0" I can then add the proper default route but
> > it still does not work, I am wondering if using tunneling would solve my
> > problems. I think I am going to try that next.
> correct me if i'm wrong, but i don't think you'd need your "real" ip's
> (vip) route on the real server. the real server simply needs a gateway to
> the internet. 192.168.whatever.1 could be a box with ip forwarding
> enabled, or any other method to give that box an outgoing gateway. the gw
> machine might need to allow packet forwarding from the vip instead of just
> from the real server's ip.
That is true, unless you are using NAT in which case the return
path must pass through the LVS host.