> Alex Kramarov wrote:
> I have 2 directors (active/active), running with keepalived. Behind them are
> 4 real servers, running nt (yaicccssss, didn't have a choice...). The
> directors have 2 vip's, each directed (lvs-nat) to a pair of realservers,
> each pair provides separate functions, working great, no problem here. All
> the realservers are on the same network 10.0.0.0/24. Now, I need to access
> from a server in pair 1 to a server in pair 2, and I need to do that through
> some highly available point (not through connecting to one of the servers
> directly, but through some vip on the internal network). Now, I am trying to
> understand how this would work. Tried lvs-nat, establishing vip 10.0.0.x on
> the director, but it didn't work, and on second thought it seems that for
> lvs-nat to work, there has to be routing? So vip and real servers must be in
> different ip subnets?
but do you know about
What I think you are saying is that you want a one network LVS, with the client
an IP on the realservers. I think if you're going to do this you would need to
sure that the client IP wasn't one of the RIPs. Maybe having 2 NICs on each
with the RIP on eth1. Let us know how it goes.
> and another question - I am using the directors also as iptables firewalls,
> so right now the sync daemon is useless to me (during failover ip_conntrack
> data is not updated, so the state sync for lvs is useless). Are there plans
> to include iptables sync into lvs sync?
There is no stateful failover for iptables. Harald Welte is working on it.
It will be about a year before he expects to release it. In the meantime
you should have only stateless rules on the director and have your stateful
rules on the realservers if you want to use iptables with director failover.
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
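
The reply above recommends keeping only stateless rules on the director. One way to check a director's ruleset for that, as an added example that is not part of the original message: the script scans `iptables-save` output for rules that depend on ip_conntrack, either through a conntrack-backed match module or by sitting in the nat table. The sample ruleset and the function name are constructed for illustration.

```python
import shlex

# Match modules that rely on ip_conntrack state, which is lost on director failover.
CONNTRACK_MATCHES = {"state", "conntrack", "connlimit", "connbytes", "connmark", "helper"}
NAT_TABLE = "nat"  # iptables NAT is built on conntrack, so every rule there is stateful

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d 10.0.0.11 --dport 80 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""


def find_stateful_rules(ruleset):
    """Return (line_no, table, reason, rule) for each rule that needs conntrack."""
    findings = []
    table = None
    for line_no, raw in enumerate(ruleset.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]  # table header, e.g. "*filter"
            continue
        if not line.startswith("-A "):
            continue  # chain policies, COMMIT, comments
        tokens = shlex.split(line)
        # Collect every module name that follows -m / --match.
        modules = {tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in ("-m", "--match")}
        hits = sorted(modules & CONNTRACK_MATCHES)
        if hits:
            findings.append((line_no, table, "match: " + ",".join(hits), line))
        elif table == NAT_TABLE:
            findings.append((line_no, table, "nat table rule", line))
    return findings


if __name__ == "__main__":
    for line_no, table, reason, rule in find_stateful_rules(SAMPLE_RULESET):
        print(f"line {line_no} [{table}] {reason}: {rule}")
```

Rules it reports are candidates to move to the realservers or to rewrite as stateless matches on addresses, ports and TCP flags.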