LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: Client on LoopBack

from [Julian Anastasov] [Permanent Link]
To: Anmol Sheth <anmol@xxxxxxxx>
Subject: Re: Client on LoopBack
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, mack@xxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 30 Jan 2001 14:10:17 +0200 (EET) 
        Hello,

On Tue, 30 Jan 2001, Anmol Sheth wrote:

> Hi Everybody,
> We have a LVS setup as follows-
>
> We are running only NAT. Linux kernel version 2.2.14 running on all the
> boxes. LVS version 0.9.12.
> Client 192.168.1.2
> Director=192.168.1.1
>                 10.1.1.1
> RealServer 10.1.1.2
>
> We wanted to run a client on the director. We were going though the LVS code
> and the HOWTO and came across the following:
>
> 4. Gotchas
> Need outside client:
> The LVS functions as one machine. You must access the LVS from a
> client that is NOT a member of the LVS. You cannot access an LVS
> controlled service (eg http, telnet) from any of the machines in
> the LVS; access from the director will hang, access from a
> realserver will connect to the service locally, bypassing the LVS.
> Minimum 3 machines: client, director, realserver(s)
>
>
> We thought the relevant code from the ip_masq.c file is:
>
> /*
> * Big tappo: only PACKET_HOST (nor loopback neither mcasts)
> * ... don't know why 1st test DOES NOT include 2nd (?)
> */
> if (skb->pkt_type != PACKET_HOST || skb->dev == &loopback_dev) {
> IP_MASQ_DEBUG(2, "ip_fw_demasquerade(): packet type=%d proto=%d
> daddr=%d.%d.%d.%d ignored\n",
> skb->pkt_type,
> iph->protocol,
> NIPQUAD(iph->daddr));
> return 0;
> }
>
> We would like to know if there are any implications of commenting out the
> check for loopback device, especially since we are running only NAT. Would
> this allow us to have a client on the director. Are there any other loopback
> checks.

        LVS will demasquerade the traffic but it will not be masqueraded
when received from the real server. And LVS does not wait in LOCAL_IN
for such replies. Not sure whether the DR method will work here. May
be not because the packets from the real servers will be treated as
source martians.

        So, you can uncomment this check but you will not achieve your
goal. May be there are other problems that will not allow this setup
to work but for now the above restrictions are enough. Other problems
can exist in the LVS code, not sure.

> Waiting in anticipation,
> Aditya,Anmol,Phani.


Regards

--
Julian Anastasov <ja@xxxxxx>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Client on LoopBack, Julian Anastasov <=
Previous by Date:  Re: performance NAT versus DR ?, Kyle Sparger
Next by Date:  Ipvs with NAT ..., Sebastien COUREAU
Previous by Thread:  ftp active - passive problems, Jeremy Kusnetz
Next by Thread:  Ipvs with NAT ..., Sebastien COUREAU
Indexes:  [Date] [Thread] [Top] [All Lists]