lvs-users
|
|
lvs-users
|
| To: | Joseph Mack <mack.joseph@xxxxxxx> |
|---|---|
| Subject: | Re: LVS Director as default gw? |
| Cc: | Horms <horms@xxxxxxxxxxxx> |
| Cc: | lvs-users@xxxxxxxxxxxxxxxxxxxxxx |
| From: | Matthew Crocker <matthew@xxxxxxxxxxx> |
| Date: | Thu, 22 May 2003 17:19:16 -0400 |
Horms,He's handling the martian problem by not having the VIP on the director? My setup also removed the ARP problem because the networks are split. My real servers have 159.250.20.x as IP aliases. I don't worry about hiding ARP on them. The netblock is routed up to the LVS servers instead of switched. The VIP ports are on the director with the ip route table statement which treats everything with fwmark 1 as local. For some fun try to traceroute to a 159.250.20.x address. It creates a routing loop on my network. The LVS directors route packets for that network as normal (i.e. sends them to its default gateway). Packets going to port 80 & 443 are treated as local and get load balanced. For some more fun try running nmap on 159.250.20.1. The machines don't really exist, only the IP:ports exist. I'm considering moving my mail servers over to this type of a setup for some additional security. A different set of fwmark rules to handle a different group of ports and balance them to a different group of real servers. All on the same IP. LVS + netfilter is cool ;) -Matt |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: LVS Director as default gw?, Joseph Mack |
|---|---|
| Next by Date: | multi-directors share the same VIP?, Aihua Liu |
| Previous by Thread: | Re: LVS Director as default gw?, Joseph Mack |
| Next by Thread: | Re: Re: LVS Director as default gw?, Aihua Liu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |