lvs-nat & SNAT

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: lvs-nat & SNAT
From: "sofox" <sofox@xxxxxxx>
Date: Tue, 29 Jan 2002 19:08:04 +0800

Hi,

Is it true that packets that pass through lvs-nat won't pass through the
iptables POSTROUTING chain any more?

Our network looks like the following.

IDC_A----------LB_A-------------------------------LB_B-------------IDC_B
                203.x.y.z       10.0.01         |             10.0.0.2      61.a.b.c
                                                | 10.0.0.254
                                              ROUTER
                                                | 192.168.8.254
                                                |
                                    ------------------------- 192.168.8.x
                                          [REAL SERVERS]

On LB_A: 
ipvsadm -A -t 203.x.y.z:80 -s lc
ipvsadm -a -t 203.x.y.z:80 -r 192.168.8.1:90 -m
ipvsadm -a -t 203.x.y.z:80 -r 192.168.8.2:90 -m
...
ipvsadm -a -t 203.x.y.z:80 -r 192.168.8.n:90 -m

On LB_B:
ipvsadm -A -t 61.a.b.c:80 -s lc
ipvsadm -a -t 61.a.b.c:80 -r 192.168.8.1:90 -m
ipvsadm -a -t 61.a.b.c:80 -r 192.168.8.2:90 -m
...
ipvsadm -a -t 61.a.b.c:80 -r 192.168.8.n:90 -m

Objective: Access cluster through both load balancer LB_A and LB_B.

Obviously, the key problem is that we must design a method so that response
packets for those requests that come in from LB_A are sent out through LB_A.

I tried to perform SNAT on both LBs, like:
On LB_B:
iptables -t nat -A POSTROUTING -p tcp -d 192.168.8.0/24 --dport 90 -j SNAT --to-source 61.a.b.c

On LB_A:
iptables -t nat -A POSTROUTING -p tcp -d 192.168.8.0/24 --dport 90 -j SNAT --to-source 203.x.y.z

Unfortunately, neither LB_A nor LB_B seems to do SNAT to net 192.168.8.0/24.

Is there any better solution other than adding two Linux boxes and performing
SNAT before the load balancers?

Oscar
