Re: Question about LVS-DR setup

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Question about LVS-DR setup
From: djo@xxxxxxxxxxxxxxxxxxxxxx
Date: Mon, 17 Jun 2002 12:46:10 -0700

On Mon, Jun 17, 2002 at 01:24:02PM -0700, Peter Mueller wrote:
> > So my question is: do I need 2 interfaces or just one on the director.  If
> > two, then will I not have to do DNAT internally on the director to pass
> > packets from the live IP to the VIP?  If one, how can I get it to work
> > assuming that the director is sitting behind another box doing DNAT?
> 
> With LVS-DR you only need one interface.  The VIP is an ip resource that is
> "in use" by the active LVS box.  Since ip traffic is generally a public
> service like www it is very very common for the VIP to be a public IP.  

If that is the case, how can that one interface both listen to incoming
requests on the public IP's subnet, let's say for the sake of example
66.111.111.111, and then send packets to a real server on the internal subnet,
for example 192.168.1.10?  Seems to me you can't do that without 2 NICs.

As far as I understand, the primary difference between LVS-DR and LVS-NAT is
that with LVS-NAT the packets destined back to the client travel back
through the director, whereas with LVS-DR they do not, i.e. they go through
another gateway.  This is what I am trying to do.

My initial setup was to use only one NIC on the director, configured with
VIP 192.168.1.110 and a real IP of 192.168.1.5.  The real servers are at
192.168.1.22 and 192.168.1.23.  If I browse to .110 from another machine on
the 192.168.1 subnet everything works fine.  But now how can an outside
client reach .110?  So I put a router/firewall box outside the director to
listen on the live IP address and when it sees an http packet it should send
it to .110.  I tested it by bypassing the LVS entirely and redirecting http
packets straight to a real server and it works perfectly.  But when I
redirect the packets to .110 the client cannot connect.  

To me this is the most obvious way to set this whole thing up unless I am
missing something.  I am not sure what the HOWTO's are assuming about how
the routing gets done.

> Hope that helps.
> 
> The setup you seem to consistently describe is LVS-NAT.  Please check out
> http://www.linuxvirtualserver.org/how.html carefully and write back with any
> questions.
> 
> good luck,
> 
> Peter
