Re: LVS-DR where Directors are also Realservers

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	Re: LVS-DR where Directors are also Realservers
From:	Horms <horms@xxxxxxxxxxxx>
Date:	Tue, 26 Aug 2003 22:04:28 +0900

On Tue, Aug 26, 2003 at 06:36:58AM -0400, Joseph Mack wrote:
> Horms wrote:
> 
> > There are some more options too: Use a fwmark service and be rid of your
> > VIP on an interface all together.
> 
> getting rid of the VIP altogether is still a bit of a problem isn't it?

That is what the next sentance was trying to say :) Fwmarks are offtopic
for the original question - they were really intended as a passing
remark in my previous message - but I will try and straighten things out
anyway.

> there;'s a solutions that apparently came originally from Julian 
> 
> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020019020431&w=2

That is pretty straight forward and basically the way fwmarks
work if you are using them for more than one IP address, which
was the reason they were origionally added to the LVS code.

The route commands are needed because ipvs is called after routing takes
place.  I think that in the case of fwmarks it would be best to move the
code to the prerouting stage to avoid the need for this. I.e. hook
ip_vs_in into NF_IP_PRE_ROUTING instead of NF_IP_LOCAL_IN.

> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020171022117&w=2
> (this is the one I don't understand, why are the packets being accepted 
> locally?)

The packets are delivered locally because of the "local" in

ip route add local 0/0 dev lo table 100

Again, this isn't really the way it was supposed to work AFAIR.

> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020384024935&w=2
> 
> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106025816703369&w=2
> 
> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106027054519969&w=2
> 
> etc
> 
> I haven't put it in the HOWTO as I don't understand what's going on.
> Do you know what it's about?

I don't follow what there is to understand. Those three
meesages refer to specifics of what Matthew Crocker is
doing with his network with snort.

> 
> Thanks Joe
> -- 
> Joseph Mack PhD, High Performance Computing & Scientific Visualization
> SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
> Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx

-- 
Horms

<Prev in Thread]	Current Thread	[Next in Thread>
LVS-DR where Directors are also Realservers, ken price Re: LVS-DR where Directors are also Realservers, Andy Harding Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, ken price Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, Horms Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, Horms <= Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, Julian Anastasov Re: LVS-DR where Directors are also Realservers, Joseph Mack Re: LVS-DR where Directors are also Realservers, Faruk Ahmed Re: LVS-DR where Directors are also Realservers, Julian Anastasov Re: LVS-DR where Directors are also Realservers, Horms Re: LVS-DR where Directors are also Realservers, Julian Anastasov Re: LVS-DR where Directors are also Realservers, Horms Re: LVS-DR where Directors are also Realservers, Julian Anastasov Re: LVS-DR where Directors are also Realservers, Horms

Previous by Date:	Re: IDENT protocol and DR, Joseph Mack
Next by Date:	Re: LVS-DR where Directors are also Realservers, Joseph Mack
Previous by Thread:	Re: LVS-DR where Directors are also Realservers, Joseph Mack
Next by Thread:	Re: LVS-DR where Directors are also Realservers, Joseph Mack
Indexes:	[Date] [Thread] [Top] [All Lists]