I can see the following LVS-DR setup running fine :
| | eth0: public FW IP address
| FIREWALL | proxy arp (2.2 kernel) for VIP to DIP
|__________| eth1: private FW IP address = FIP
| | VIP=XXX.XXX.XXX.XXX (eth0:1)
| DIRECTOR | GW = FIP
|__________| DIP=192.168.0.1 (eth0)
| | |
RIP1=192.168.0.2 RIP2=192.168.0.3 RIP3=192.168.0.4 (all eth0)
VIP on lo:1 for all RIPs
_____________ _____________ _____________
| | | | | |
| realserver | | realserver | | realserver |
|_____________| |_____________| |_____________|
GW for all RIPs is FIP.
I would like to merge director and firewall into only one box, but
some questions remain and I have no clear answers :
- I read many different documents and figured out that "proxy arp"
is equivalent to "transparent proxy". Am I right ?
- If so, I found a document (http://www.sjdjweis.com/linux/proxyarp/)
explaining how to do proxy arp on a 2.4 kernel. Will this method
be compatible with LVS as long as director would also be the default
GW for realservers ?
On the other side, I found some explanations by Julian in LVS-HOWTO
chapter 14.4.2 explaining how to patch director kernel to manage source
Both solutions works ?
I would like to have a very stable setup, so I'm wondering whether
switching from LVS-DR to LVS-NAT would be a better approach or not.
In this case, I would like to be sure that LVS-NAT can handle
the actual load of this LVS-DR setup. Can I do some maths
against actual ipvsadm statistical values ?