Re: Advice on security: Servers at port 80 or LVS-DR redirect 80 to 8080

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Advice on security: Servers at port 80 or LVS-DR redirect 80 to 8080?
From: Horms <horms@xxxxxxxxxxxx>
Date: Fri, 14 Mar 2003 20:47:13 +0900

On Tue, Mar 11, 2003 at 07:41:08PM -0000, jpcl@xxxxxxxxxxxxxx wrote:
> > So I'm wondering if there is any difference (in performance or security)
> > about these alternatives, that may influence the decision:
> >
> > * Solving at realserver level
> > a) Getting my servers to port 80
> > b) Redirecting my server port 80 to 8080
> >
> > * Solving at director level
> > c) Balance port 80 and then redirect outgoing 80 to 8080
> > d) Redirecting port 80 to port 8080, and then balance.
> 
> I forgot one thing:
> I have first tried to build a LVS-NAT and there I've got the rules to do
> NAT from port 80 at the director to port 8080 at the realserver, and it
> worked fine (as expected).
> 
> I've just looked to my configuration script (home made) and I've noticed
> that at my rules for LVS-DR I also write the destination port:
> 
> /sbin/ipvsadm -a -t $VIP:8080 -r $REALSERVER_2:8080 -g -w 1
> 
> This happened 'cause I reused the config script from my lvs-nat setup,
> where the realserver:port is mandatory.
> I'm now wondering whether, in lvs-dr, the "port" from realserver:port
> actually does something or is simply ignored...
> 
> In short: can I do
> /sbin/ipvsadm -a -t $VIP:8080 -r $REALSERVER_2:80 ?

You can only do port mapping in LVS with NAT.
It won't work with DR or tunnelling.

This won't work.

ipvsadm -a -t $VIP:8080 -r $REALSERVER_2:80

But this will

ipvsadm -a -t $VIP:8080 -r $REALSERVER_2:80 -m


Actually in the first case the :80 will be ignored by ipvsadm
and 800 will be used.


-- 
Horms
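
As an added example (not part of the original post and not part of ipvsadm), the shell function below lints `ipvsadm -a` lines for the case described in this reply: a realserver port that differs from the virtual service port on a rule that is not NAT (`-m`). The helper name `check_rule` and the sample addresses are constructed; it assumes one rule per line with whitespace-separated options.

```shell
#!/bin/sh
# check_rule "<ipvsadm -a command line>"  (hypothetical helper, not part of ipvsadm)
# Prints a verdict; returns 0 = consistent, 1 = port mapping without -m, 2 = unparsed.
check_rule() {
    method=g    # ipvsadm uses -g (direct routing) when no method is given
    vport='' rport='' prev=''
    for word in $1; do
        case "$prev" in
            -t|-u|--tcp-service|--udp-service) vport=${word##*:} ;;
            -r|--real-server)
                case "$word" in
                    *:*) rport=${word##*:} ;;
                    *)   rport='' ;;   # no port given: the service port applies
                esac ;;
        esac
        case "$word" in
            -m|--masquerading) method=m ;;
            -g|--gatewaying)   method=g ;;
            -i|--ipip)         method=i ;;
        esac
        prev=$word
    done
    [ -n "$vport" ] || { echo "UNPARSED"; return 2; }
    [ -n "$rport" ] || rport=$vport
    # Only NAT rewrites the destination port; DR (-g) and tunnelling (-i) do not.
    if [ "$method" != m ] && [ "$rport" != "$vport" ]; then
        echo "MISMATCH: -$method cannot map :$vport to :$rport"
        return 1
    fi
    echo "OK"
}

# Constructed sample rules (documentation and private addresses).
while IFS= read -r rule; do
    printf '%s\n  -> %s\n' "$rule" "$(check_rule "$rule" || true)"
done <<'EOF'
ipvsadm -a -t 192.0.2.10:8080 -r 10.0.0.2:80
ipvsadm -a -t 192.0.2.10:8080 -r 10.0.0.2:80 -m
ipvsadm -a -t 192.0.2.10:8080 -r 10.0.0.2:8080 -g -w 1
EOF
```

A MISMATCH verdict marks a rule whose written realserver port is not the port traffic will actually arrive on, which matters when firewall rules or listeners on the realserver were set up from the configuration script.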