RE: LVS-DR + public/private routes

To: "'lvs-lists@xxxxxxxxxxxxxx'" <lvs-lists@xxxxxxxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: LVS-DR + public/private routes
From: Peter Mueller <pmueller@xxxxxxxxxxxx>
Date: Fri, 26 Mar 2004 13:44:46 -0800
> ISP -- switch -- (director, real servers)

No.  LVS-NAT topology is different.
http://www.linuxvirtualserver.org/VS-NAT.html.  I think you could still use
the same physical segment, but then you'd have to get into IP aliasing and
other complications.  It's a better solution if you buy a $50 switch and a
second ethernet adapter and segregate the networks.  Maybe you can even skip
the switch and use a VLAN.

> VIP: 68.xx.xx.174
> DIP: 68.xx.xx.171
> RIP: 68.xx.xx.163-170
> 
> Gateway: 68.xx.xx.161
> 
> Private: 192.168.8.3-12  (each RIP got a private IP as I thought this
>                         was gonna be "easy" to transition to a full
>                         private LVS-DR) 
> Private gw: 192.168.3.5  (one of the existing real servers was
>                         masquerading for network connectivity)

No.  The gateway for NAT topology has to be the director.  You will also
need to change the director config (ipvsadm, keepalived, ldirectord,
whatever you are using).

> 1) Can LVS-DR handle private addresses?  (assume yes)

Yes, but only if the VIP is on the same private segment.

> 2) Can LVS-DR handle a mix of private and public addresses?

No.  DR must have Director & Real servers on the same network segment.

> 3) If I set up a purely private LVS-DR, what should I do for
>    private-ip routing?  I've read docs that seem to indicate that as
>    long as you're on the same segment it shouldn't really care if
>    you're gateway'd at all or not.  But maybe I've just lost my mind.

I think we've all lost our minds.  Fortunately it is Friday here and
approaching beer time...

I would set your topology up something like this -
http://www.ultramonkey.org/2.0.1/topologies/lb-eg.html.  More of Horm's
pretty topologies @ http://www.ultramonkey.org/2.0.1/topologies/.

> 4) Any other clues that would be of assistance in cutting from a
>    public RIP LVS-DR to a private RIP LVS-DR?

I guess you could do

Outside client -> External server -> Iptables PREROUTING NAT magic translate
to internal IP -> Load balancer LVS-DR on private segment VIP -> Real
servers.

But that doesn't make sense compared to an LVS-NAT topology.

Cheers,

Peter
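
The rules stated in the reply above (LVS-DR: VIP, director and real servers on one segment; LVS-NAT: the real servers' gateway is the director), written as a plan checker. This is an added example, not code from the thread or from the LVS project. The function name, the 203.0.113.x stand-ins for the elided public addresses, the prefix lengths and the 192.168.8.1/192.168.8.2 director addresses are assumptions, and membership in the director's IP subnet is used as a stand-in for "same network segment".

```python
import ipaddress

def check_lvs_plan(mode, vip, dip, prefix, rips, rs_gateway=None):
    """Return a list of problems; an empty list means the plan satisfies
    the rules stated in the reply. dip/prefix describe the director
    interface that faces the real servers (hypothetical helper)."""
    director = ipaddress.ip_interface(f"{dip}/{prefix}")
    segment = director.network
    problems = []
    # Both modes: every real server must be reachable on the director's segment.
    stray = [r for r in rips if ipaddress.ip_address(r) not in segment]
    if stray:
        problems.append(f"real servers outside {segment}: {', '.join(stray)}")
    if mode == "DR":
        # Reply to question 1: the VIP has to sit on the same segment too.
        if ipaddress.ip_address(vip) not in segment:
            problems.append(f"VIP {vip} is not on {segment}")
    elif mode == "NAT":
        # "The gateway for NAT topology has to be the director."
        if rs_gateway is None or ipaddress.ip_address(rs_gateway) != director.ip:
            problems.append(
                f"real-server gateway is {rs_gateway}, must be director {dip}")
    else:
        raise ValueError(f"unknown mode: {mode}")
    return problems

# Constructed sample plans. The private RIP range and the old masquerading
# gateway come from the quoted question; everything else is an assumption.
PRIVATE_RIPS = [f"192.168.8.{n}" for n in range(3, 13)]

# Question 2: public VIP/DIP with private real servers under DR.
MIXED_DR = check_lvs_plan("DR", "203.0.113.174", "203.0.113.171", 28,
                          PRIVATE_RIPS)
# Question 1: everything, VIP included, on the private segment.
PRIVATE_DR = check_lvs_plan("DR", "192.168.8.2", "192.168.8.1", 24,
                            PRIVATE_RIPS)
# NAT, but real servers still pointing at the old masquerading host.
NAT_OLD_GW = check_lvs_plan("NAT", "203.0.113.174", "192.168.8.1", 24,
                            PRIVATE_RIPS, rs_gateway="192.168.3.5")
# NAT with the director as the real servers' default gateway.
NAT_OK = check_lvs_plan("NAT", "203.0.113.174", "192.168.8.1", 24,
                        PRIVATE_RIPS, rs_gateway="192.168.8.1")

if __name__ == "__main__":
    for name, result in [("mixed DR", MIXED_DR), ("private DR", PRIVATE_DR),
                         ("NAT old gw", NAT_OLD_GW), ("NAT ok", NAT_OK)]:
        print(name, "->", result or "ok")
```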