> The file can be found here: http://useme.net/lvs.png
Looks good. Everything past (and including) the firewall won't make a
difference to your LVS setup, so I won't worry about covering that now.
One thing that isn't clear on the diagram - the boxes between the director and
servers and firewall - are these hubs/switches or routers?
> All of the described Server have at least three NIC.
From the diagram you've shown, this isn't necessary, unless you're trying to
squeeze every last drop of bandwidth out of your servers by using multiple
links. If this is the case, don't worry about it until later.
Having two NICs on each server would be useful if you're using DR as your
forwarding method though; one for incoming packets from the director, one for
outgoing packets to return to the client (bypassing the director, see below).
> I was looking at
> the documentation and I think it would be best for us to setup a LVS-DR
> or LVS-TUN.
No need to use TUN unless you are either:
1) Using different networks for your real servers; or
2) Using an OS on your real servers that doesn't support the packet routing
required by DR.
From your diagram, the real servers are on the same network as the director,
so we can eliminate 1). And I'm guessing that the little penguins on your
real servers mean that you're using Linux, so that's 2) sorted.
Looks like DR is the way to go.
*but*, as mentioned in the HOWTOs, it's a good idea to get things started with
NAT, then change it to use DR once that works.
> It is possible for the Director Box to have a public, routable IP.
Yes, this is your VIP address. You give your director's external interface an
alias with this VIP.
> The traffic has to pass through the director on its incoming path how
> it is passed back to the client does not matter.
Yes, with DR the packets can be returned straight to the client.
In your case, I think it would be a good idea to follow these steps to get an
understanding of how everything is working:
1) Set up an LVS cluster as shown in section 4.2 of the mini-HOWTO (all on one
network, using one NIC per computer), and configure it to use NAT forwarding
(I'd prefer to do it manually rather than using the scripts, but this is up
to you). The configurations given in the mini-HOWTO show this step-by-step.

             ___
server 1 ---|   |--- director
            |hub|
server 2 ---|___|--- clients (via firewall)

2) Change the director to use DR forwarding, and deal with the arp problem on
the real servers (back to the HOWTO). Make sure everything works again.
3) Use the second NIC on the servers to establish an independent return-path:

 ___                  ___
|   |--- server 1 ---|   |
|hub|                |hub|--- director --- router --- clients
|___|--- server 2 ---|___|                    |
  |                                           |
  |___________________________________________|

This should just be a matter of playing with the routing tables on the
servers.
(strictly speaking, you won't need to deal with the arp problem in step 3, but
it's good to know what you need to do there)
As for IP addresses: All interfaces can have private addresses, and you then
assign the VIP as an alias for the director's external interface and the
loopback interface on the servers (for DR).
The diagrams at
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.LVS-DR.html
are very handy too.
Hope this helps,
Jeremy
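
The three steps above as a command sketch; this is an added example, not part of the original message or the HOWTO. All addresses and interface names are constructed, and using the arp_ignore/arp_announce sysctls for the arp problem is an assumption (it needs a kernel that has them; the HOWTO describes the options for its kernels).

```sh
#!/bin/sh
# Dry run by default: every command is printed, not executed.
# Invoke with RUN= (empty) as root to apply. All values below are constructed.
RUN=${RUN-echo}
VIP=192.168.1.110                 # virtual IP: alias on director, lo on servers
DIP=192.168.1.9                   # director's own address
GW=192.168.2.254                  # router reached through the servers' second NIC
RIPS="192.168.1.11 192.168.1.12"  # real servers
PORT=80

# Director. $1 is the ipvsadm forwarding flag: -m = NAT (step 1), -g = DR (step 2).
director_cmds() {
    if [ "$1" = "-m" ]; then
        # NAT only: the director routes traffic in both directions.
        $RUN sysctl -w net.ipv4.ip_forward=1
    fi
    $RUN ip addr replace "$VIP/32" dev eth0   # VIP as an alias on the external NIC
    $RUN ipvsadm -C                           # drop the previous virtual service table
    $RUN ipvsadm -A -t "$VIP:$PORT" -s rr
    for rip in $RIPS; do
        $RUN ipvsadm -a -t "$VIP:$PORT" -r "$rip:$PORT" "$1"
    done
}

# Real server, step 1 (NAT): replies must return through the director.
realserver_nat_cmds() {
    $RUN ip route replace default via "$DIP"
}

# Real server, steps 2 and 3 (DR): hold the VIP on lo without answering ARP
# for it, and send replies out of the second NIC straight to the router.
realserver_dr_cmds() {
    $RUN sysctl -w net.ipv4.conf.all.arp_ignore=1
    $RUN sysctl -w net.ipv4.conf.all.arp_announce=2
    $RUN ip addr replace "$VIP/32" dev lo
    $RUN ip route replace default via "$GW" dev eth1
}

case "${1-}" in
    director-nat) director_cmds -m ;;
    director-dr)  director_cmds -g ;;
    server-nat)   realserver_nat_cmds ;;
    server-dr)    realserver_dr_cmds ;;
esac
```

After applying either director variant, ipvsadm -L -n shows the forwarding method per real server (Masq for NAT, Route for DR).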