
Re: doing both NAT and DR, I need help.

To: Jeremy Hansen <jeremy@xxxxxxxxxxxx>
Subject: Re: doing both NAT and DR, I need help.
Cc: Joseph Mack <mack@xxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: tc lewis <tcl@xxxxxxxxx>
Date: Fri, 22 Sep 2000 13:02:33 -0400 (EDT)
does the "ip" command not have this functionality?
to set up special routing from the real servers.
then if you want to use your balancer as a nat server at the same time i
don't see why that wouldn't work as long as the traffic has nothing to do
with the load balanced traffic, but maybe there is actually a problem
there and you would need a separate machine for nat/masquerading.

-tcl.


On Fri, 22 Sep 2000, Jeremy Hansen wrote:

> 
> Ok.  Here's a layout of basically how it's set up
> 
> 
>                 internet 
>                     |
>                 64.204.99.1 (network providers router)
>                     |
>                 switch
>                   |
> real server 1                 lvs machine             real server 2
> RIP (10.100.50.247)        RIP (64.204.99.249)        RIP (10.100.50.246)
> lo:0 (64.204.99.240)       VIP (64.204.99.240)        lo:0 (64.204.99.240)
> default gw 64.204.99.1                                default gw 64.204.99.1
> static arp entry                                      static arp entry
> for the router,                                       for the router,
> 64.204.99.1                                           64.204.99.1
> 
> real server 3 (which is not to be load balanced)
> RIP (10.100.50.245)
> 
> The problem is real server 1,2,3 cannot get to the internet which is a
> requirement.  Basically because these machines don't really have a real ip
> address at all, so for them to get out, they need to be NAT'd at some
> point.
> 
> What I thought would be possible is to set up a route or some type of rule
> that says if traffic originates from 10.100.50.0/24, instead of using the
> default gw, 64.204.99.1, go through 64.204.99.249 and be masqueraded, but
> at the same time if traffic originates from elsewhere and gets passed
> from the LVS machine's VIP, then use the default gw and use DR instead.
> 
> So I could masq and use DR for important traffic all at the same time.
> 
> I hope this clears things up.  My original email was pretty misleading.
> 
> Thanks
> -jeremy
> 
> 
> 
> On Fri, 22 Sep 2000, Joseph Mack wrote:
> 
> > On Fri, 22 Sep 2000, Jeremy Hansen wrote:
> > 
> > > 
> > > I have a situation where I'm using DR, but I need to NAT *some*
> > > traffic.
> > > 
> > > I have the lvs server setup with real ip's, but all the real servers are
> > > using internal addresses.  I'm using DR, so the real servers are actually
> > > using the real ip of my upstream providers router, I'm statically
> > > assigning the mac address of the router to the real servers.
> > 
> > I don't understand the last two sentences. (I assume the router is the box
> > connecting your public network to the ISP). But let's put that aside for 
> > the moment. 
> > 
> > The VIP is a routable IP, so clients on the internet can send packets to
> > the LVS. The real-servers will also have the VIP on them, so they can send
> > replies to the client. The RIPs on the real-servers and the network
> > connecting the director to the real-servers can be anything you like,
> > including non-routable IPs (ie 192.168.x.x).
> > 
> > Can you explain your problem again saying why this framework won't work
> > in your case.
> > 
> > Joe
> > 
> > --
> > Joseph Mack mack@xxxxxxxxxxx
> > 
> > 
> 
> eholes.org * jeremy@xxxxxxxxxx
> -----------------------------------------
> eholes have feelings too...
> 
> 
> 
> 
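
Added example, not part of the original thread: one way to express the source-based routing Jeremy describes with the `ip` command tc lewis mentions. The addresses are from the thread; the interface name `eth0`, routing table id `100` and the use of iptables for masquerading are assumptions, and the thread itself leaves open whether NAT and DR can share one director.

```shell
#!/bin/sh
# Policy routing sketch for the layout in the thread (added example).
# DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0 to apply as root.
DRY_RUN="${DRY_RUN:-1}"
RS_NET="10.100.50.0/24"     # private RIP network (from the thread)
DIRECTOR="64.204.99.249"    # LVS machine's own address (from the thread)
DEV="eth0"                  # assumed interface name
TABLE="100"                 # assumed unused routing table id

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# On each real server: packets whose source is a RIP consult a second table
# whose default route is the director. Replies sourced from the VIP match no
# rule, so they keep the main table's default gw and leave via the DR path.
realserver_rules() {
    # keep RIP-to-RIP traffic on the local segment
    run ip route add "$RS_NET" dev "$DEV" table "$TABLE"
    # the director is not in the RIP subnet, hence "onlink"
    run ip route add default via "$DIRECTOR" dev "$DEV" onlink table "$TABLE"
    run ip rule add from "$RS_NET" lookup "$TABLE"
}

# On the director: forward packets and masquerade the RIP network only,
# so nothing outside that source range is rewritten.
director_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add "$RS_NET" dev "$DEV"
    run iptables -t nat -A POSTROUTING -s "$RS_NET" -o "$DEV" -j MASQUERADE
}

case "${1:-}" in
    realserver) realserver_rules ;;
    director)   director_rules ;;
esac
```

Run it with `realserver` or `director` as the argument to print the commands for that host; `ip rule show` and `ip route show table 100` confirm the result once applied.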


