
Re: LVS-NAT with public address space

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT with public address space
From: Adi Linden <adil@xxxxxxxxxx>
Date: Tue, 20 Jul 2004 23:13:06 -0500 (CDT)
> > I am having problems with LVS-NAT and iptables running on the same 
> > director. For some reason iptables rules that do static NAT for traffic 
> > originating from a real server quit working after some time.
> 
> Could you be a little more specific on "quit working after some time", 
> please? I'm referring to (but not exclusively): kernel version, iptables 
> version, your rules, your setup, dmesg, tcpdump traces on both director 
> interfaces for one connection attempt, ...

Unfortunately "quit working after some time" is about the best way to 
describe it. All software is the original Red Hat AS 3.0 RPMs:

kernel-2.4.21-15.0.2.EL
iptables-1.2.8-12.3
ipvsadm-1.21-9.ipvs108
piranha-0.7.6-1

I have static NAT configured for a particular server using this iptables 
command:

iptables -v -t nat -I POSTROUTING -s 172.28.1.25 -j SNAT --to-source 
66.165.220.47

LVS-NAT is configured using the /etc/sysconfig/ha/lvs.conf file which 
appears to be part of the Red Hat piranha package.

When I say "quit working after some time" I mean exactly that. After the 
director boots everything works just fine. After several hours the director 
ceases to forward packets to the 172.28.1.25 RIP. Things break in both 
directions: LVS-processed packets as well as packets processed using the 
iptables rule. There is nothing in dmesg indicating there is anything 
wrong. I cannot find any apparent cause, no trigger for this happening. 
Also, I cannot get the director to resume forwarding packets to/from the 
172.28.1.25 RIP by restarting services, reloading iptables, LVS rules, 
etc. The only thing that makes a difference is a reboot.

The director is in a production environment. So far the timing of these 
outages hasn't been "convenient" for doing any troubleshooting.

> > One problem remains that now I need a floating address on both sides of 
> 
> Apologies for my ignorance but what is a "floating address"? Do you mean 
> a routeable/public address/IP?

In the documentation I read the floating ip address is the ip address that 
switches between the two directors in a failover configuration. On the 
internal network side of LVS-NAT this would be the default gateway all 
real servers point to. 

> > the director, the original floating address used by the real servers as 
> > default gateway and a floating address on the external side of the 
> > director to route traffic for the real server network to. How can I do 
> > this?
> 
> You don't need routeable IP addresses inside the LVS collision domain 
> (read: the physical network consisting of the LVS' internal interface 
> and all connected RSs), you can overlay as many public address spaces on 
> top of a private one as you want. Plus keep in mind that for LVS-DR the 
> director is not the DGW anymore.

Correct, but I would like to continue using LVS-NAT, with the directors 
continuing to be default gateways. Reason for this is the ARP problem and 
the fact that there are a variety of OSs on the real servers.

Adi
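The setup Adi describes, an LVS-NAT director that is also the default gateway for the real servers, with a static SNAT for one RIP on top, as an added example that is not code from the post, from piranha or from Red Hat. The RIP (172.28.1.25) and its public mapping (66.165.220.47) are the addresses in the post; the VIP, the service port, the real-server network and the 2.4-kernel /proc paths are assumptions made here. The script prints the director configuration in an order that keeps the per-RIP /32 SNAT ahead of a catch-all for the rest of the RS network (nat POSTROUTING is first-match, which is also why the post's rule uses -I), and it adds a snapshot-and-check routine for the things a NAT director needs in order to keep forwarding. The check is a general checklist to run the moment forwarding stops, before rebooting; it is not a diagnosis of the outage in the post.

```shell
#!/bin/sh
# Director-side helper for the LVS-NAT + SNAT setup discussed in the thread.
# Added example, not code from the post, piranha or Red Hat. The RIP and its
# public mapping are the addresses in the post; VIP, service port and the
# real-server network are assumptions.

VIP=66.165.220.40          # assumed: public virtual IP floating between directors
VPORT=80                   # assumed: load-balanced service port
RIP=172.28.1.25            # real server from the post
RIP_PUBLIC=66.165.220.47   # public source address for that RIP's own traffic
RS_NET=172.28.1.0/24       # assumed: real-server network behind the director

# Print the commands that build the director, ordered so the /32 SNAT for
# $RIP is matched before the catch-all for the rest of the RS network
# (nat POSTROUTING is first-match; a broader rule in front would shadow it).
# Review the output, then run it as root:  ./lvs-nat.sh render | sh
render_director_config() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ipvsadm -C
ipvsadm -A -t $VIP:$VPORT -s wlc
ipvsadm -a -t $VIP:$VPORT -r $RIP:$VPORT -m -w 1
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $RIP -j SNAT --to-source $RIP_PUBLIC
iptables -t nat -A POSTROUTING -s $RS_NET -j SNAT --to-source $VIP
EOF
}

# Copy the director state that check_director reads into $1, so it can be
# taken while the director is broken and examined later. Paths are the 2.4
# kernel ones (on 2.6 ip_conntrack_max moved under /proc/sys/net/ipv4/netfilter/).
snapshot_director() {
    dir=$1
    mkdir -p "$dir"
    cat /proc/sys/net/ipv4/ip_forward        > "$dir/ip_forward"
    cat /proc/sys/net/ipv4/ip_conntrack_max  > "$dir/ip_conntrack_max"
    cat /proc/net/ip_conntrack               > "$dir/ip_conntrack"
    iptables -t nat -L POSTROUTING -n        > "$dir/nat_postrouting"
    ipvsadm -Lcn                             > "$dir/ipvs_conns"   # for comparison by eye
}

# Check a snapshot directory for the usual reasons a NAT director stops
# forwarding: ip_forward cleared, conntrack table near its ceiling (new
# connections are dropped once it fills), or the per-RIP SNAT rule gone from
# POSTROUTING. Returns 0 when all three look fine, 1 otherwise; findings go
# to stdout.
check_director() {
    dir=$1
    ok=0
    if [ "$(cat "$dir/ip_forward")" != 1 ]; then
        echo "ip_forward is not 1: kernel will not forward"
        ok=1
    fi
    max=$(cat "$dir/ip_conntrack_max")
    count=$(wc -l < "$dir/ip_conntrack" | tr -d ' ')
    if [ "$count" -ge $((max * 9 / 10)) ]; then
        echo "conntrack table at $count of $max entries: close to full"
        ok=1
    fi
    # iptables -L -n prints:  SNAT  all  --  <src>  <dst>  to:<addr>
    if ! awk -v rip="$RIP" -v pub="to:$RIP_PUBLIC" \
           '$1 == "SNAT" && $4 == rip && $NF == pub { found = 1 } END { exit !found }' \
           "$dir/nat_postrouting"; then
        echo "no SNAT rule mapping $RIP to $RIP_PUBLIC in nat POSTROUTING"
        ok=1
    fi
    return $ok
}

case "${1-}" in
    render)   render_director_config ;;
    snapshot) snapshot_director "${2:-/var/tmp/lvs-snapshot}" ;;
    check)    check_director "${2:-/var/tmp/lvs-snapshot}" ;;
esac
```

Run `snapshot` from cron on the director so a copy of the tables exists from the hours before an outage as well as during it; comparing a good snapshot with a broken one is what the "nothing in dmesg" situation needs. The conntrack threshold of 90 percent is a choice made here, not a kernel limit.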

