|
> > <recipe>
> > ipchains -A input -p TCP -s $client -d VIP 80 -m 1 -j ACCEPT
> > ipvsadm -A -f 1 -s wlc
> > ipvsadm -a -f 1 -r $real_server
> > # rest of ipvsadm stuff goes next...
> > </recipe>
>
> hmm,
> I got a bit confused with the port 81 bit, but apparently
> Julian didn't. I also didn't quite get the problem, which I now see
> to be
I emailed Julian seperately about it and perhaps gave him added info that
you didn't see :P. The solution seems so obvious once you use fwmarks..
sigh well now I know!
> In a functioning LVS, you want requests from only a certain
> IP/netmask to
> to be forwarded to one set of realservers (which may be a
> subset of the
> total realservers, or may be other dedicated realservers), while the
> rest of the requests are forwarded normally to the whole LVS.
right. the idea is to route packets from XYZ ip address or network block to
some server that is listening with the VIP ip address. here's what I sent
to Julian for "why" this might be useful:
<snip>
source-controlled routing for us gives a few advantages, I will try to
explain. please let me know if this helps or does not help.
1 - when clients inside our company launch our Sidestep client, we want that
client to redirect automatically to staging. going to staging directly
means it is easier to test code, etc. this is a small advantage and is
merely the "proving grounds" or first step.
2 - one of our customers has this proxy server java-code caching issue
(client is not working) and we want to steer them to a server that won't
have the issue. unfortunately the customer is technically not very
competent, the idea is to avoid having them change anything on their end.
3 - it'd be nice to redirect our competitors/scrapers to a machine that had
incorrect or out of date information. surely most companies would think
this is a cool feature!
4 - it is advantageous to have more control in case of mishap.
</snip>
> Joe
cheers & thanks for your time Joe & Julian
Peter
|
