
RE: FW: LVS-Tun and Fwmarks

To: "Joseph Mack" <mack.joseph@xxxxxxx>, "Julian Anastasov" <ja@xxxxxx>
Subject: RE: FW: LVS-Tun and Fwmarks
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, "Horms" <horms@xxxxxxxxxxxx>
From: "Jeff" <golfer2@xxxxxxxxxxxxxx>
Date: Mon, 8 Jul 2002 14:43:44 -0400
Thanks to Julian and Joe, I've got the LVS-Tun working using the Director as
the default gateway of the real servers.

Joe, your problem may be solved by the "ip rule add prio...." commands
(below).


First, I set up the director with the following commands (VIP is 90.0.0.35):

iptables -F -t mangle
iptables -t mangle -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0 -d 90.0.0.35/32 --dport http -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0 -d 90.0.0.35/32 --dport https -j MARK --set-mark 1

ipvsadm -A -f 1 -s wlc -p 1200
ipvsadm -a -f 1 -r 192.168.32.1 -i
ipvsadm -a -f 1 -r 192.168.32.6 -i

To get the Fwmarks to be picked up by ipvsadm, I used Julian's suggestion:

ip rule add prio 100 fwmark 1 table 100
ip route add local 0/0 dev lo table 100


On the real servers:

ifconfig tunl0 90.0.0.35 netmask 255.255.255.255 broadcast 90.0.0.35 up
route add -host 90.0.0.35 dev tunl0


Thanks for your help everyone.

Jeff

-----Original Message-----
From: mack@xxxxxxxxxxxxxxxxxxx [mailto:mack@xxxxxxxxxxxxxxxxxxx] On Behalf Of Joseph Mack
Sent: Monday, July 08, 2002 12:36 PM
To: Horms; Julian Anastasov; lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Cc: Jeff
Subject: Re: FW: LVS-Tun and Fwmarks


Julian Anastasov wrote:
>
>         Hello,
>
> On Sat, 6 Jul 2002, Jeff wrote:
>
> > Unfortunately, I'm missing something.  I believe it may have to do with the
> > lack of a VIP on the Director because when I try and access 90.0.0.35 from
> > the client, using tcpdump on eth0 of the Director, I can see the arp request
> > for 90.0.0.35, but the Director doesn't answer.  Somehow I must need to
>
>         Yes, you have to deliver somehow the traffic for VIP locally.
> The simplest way is to configure VIP as normal IP on the director.

I remember making up all the fwmark examples in the HOWTO without any
VIPs being put on the director. I don't remember anything terribly special
about getting fwmarks running except arranging to route the packets for the
VIP to the director from the client (or router). However now when I try to set
up my simplest telnet fwmark example from the HOWTO,


step1: mark anything for VIP:23 with fwmark 1

step2: set up ipvsadm to forward fwmark = 1

step3: set up the VIP on lo:0 on the realservers and make it hidden.

step4: send all packets from the client to the director with

arp -s VIP MAC_address_director

The director (which doesn't have the VIP) is not accepting packets
for the fwmark. Instead after the arrival of the first packet from
the client, the director sends out arp requests for

who has vip, tell director

There seems to be something important I've forgotten here.

Any ideas anyone?

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
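
The director setup in Jeff's message has three parts that must agree on the mark value: the fwmark virtual service, the ip rule, and the local route in the table that rule selects. The script below is an added example, not part of the original thread; it checks that agreement from saved command output, and its function names and sample output are constructed for illustration.

```shell
# Added example, not from the thread. Every function reads command output as text.
# fwmarks that have an IPVS virtual service; stdin = `ipvsadm -Sn`
ipvs_marks() { awk '$1 == "-A" && $2 == "-f" { print $3 }'; }

# table selected for fwmark $1; stdin = `ip rule show` (mark is printed in hex)
rule_table_for_mark() {
    hex=$(printf '0x%x' "$1")
    awk -v dec="$1" -v hex="$hex" '{
        m = ""; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") m = $(i + 1)
            if ($i == "lookup") t = $(i + 1)
        }
        if ((m == hex || m == dec) && t != "") { print t; exit }
    }'
}

# true if table $1 has "local 0/0 dev lo"; stdin = `ip route show table all`
has_local_default() {
    awk -v t="$1" '$1 == "local" && ($2 == "default" || $2 == "0.0.0.0/0") {
        dev = ""; tab = ""
        for (i = 3; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "table") tab = $(i + 1)
        }
        if (dev == "lo" && tab == t) found = 1
    } END { exit !found }'
}

# $1 = ipvsadm -Sn, $2 = ip rule show, $3 = ip route show table all
check_director() {
    rc=0
    for mark in $(printf '%s\n' "$1" | ipvs_marks); do
        table=$(printf '%s\n' "$2" | rule_table_for_mark "$mark")
        if [ -z "$table" ]; then
            echo "fwmark $mark: no ip rule selects a table"; rc=1
        elif ! printf '%s\n' "$3" | has_local_default "$table"; then
            echo "fwmark $mark: table $table lacks local 0/0 dev lo"; rc=1
        else
            echo "fwmark $mark: ok (table $table)"
        fi
    done
    return $rc
}

# Constructed sample output corresponding to the director commands above
IPVS='-A -f 1 -s wlc -p 1200
-a -f 1 -r 192.168.32.1:0 -i -w 1'
RULES='0: from all lookup local
100: from all fwmark 0x1 lookup 100'
ROUTES='local default dev lo table 100 scope host'
check_director "$IPVS" "$RULES" "$ROUTES"
```

On a live director, pass `"$(ipvsadm -Sn)"`, `"$(ip rule show)"` and `"$(ip route show table all)"` as the three arguments instead of the sample strings.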


