
Re: Lvs and Trans-Proxy

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Lvs and Trans-Proxy
From: "Bikrant Neupane" <bikrant@xxxxxxxxxxxx>
Date: Thu, 23 Jun 2005 21:40:47 +0545
> >
> > I have observed that Cisco routers, alteon L4 switches change only the
> > destination MAC when redirecting traffic. The original destination traffic
> > remains unchanged. However in case of the LVS the destination IP is changed.
> > Am I looking at wrong application?
> >
> Basically the only thing a director does in LVS-DR is replace the MAC.
> The destination IP information should be the same.

Ok now following your direction now I am using the following topology for
LVS-DR.

 <cisco router>
    202.79.63.230
       |
       |-------------------------|-----------------------|
       |                         |                       |
       |                         |                       |
 eth0: 202.79.63.240    fxp0 202.79.63.241        202.79.63.235
    <Director>           <real server >                <client>
    (gw: cisco)           (gw: cisco)                 (gw: cisco)

Director, real server and client are all on same subnet. Cisco router is the
gateway of all the hosts.

Director setup:
  ipvsadm -A -f 2 -s sh
  ipvsadm -a -f 2 -r 202.79.45.241:80

 iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
 iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT

  I have turned off ip_forward and Masquerade from iptables at all.

Tcpdump in director:
202.79.45.235.1993 > 64.236.16.116.80: S 1880932316:1880932316(0) win 64240 <mss 1460,nop,nop,sackOK>
202.79.45.235.1993 > 202.79.45.240.80: S 1880932316:1880932316(0) win 64240 <mss 1460,nop,nop,sackOK>

The second packet suggests that the director is changing destination IP from
64.236.16.116 to 202.79.45.240 (IP of the director itself)

tcpdump in real server:
202.79.45.235.1993 > 202.79.45.240.80: S 1880932316:1880932316(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
202.79.45.240.80 > 202.79.45.235.1993: S 3672894223:3672894223(0) ack 1880932317 win 57344 <mss 1460> (DF)
202.79.45.235.1993 > 202.79.45.240.80: R 1880932317:1880932317(0) win 0

Real server is replying back to client using director IP in source...so got
Reset!

Am I missing something??

> I think you are making this harder than it is.  Why all the redirects
> on the Cisco?  Why the private IP space between the directors and
> the realservers?  Are you trying to do LVS-NAT?

Well, I do need to use the Cisco Router because it is the gateway for all
my clients. In fact it is my border router from which I intend to redirect
all the http requests coming from clients.

Also there is nothing wrong with the Cisco redirection setup and TP proxy
setup since I have been using the same setup in production environment for
last couple of years. Now I just need to redirect the traffic to Director
(from cisco) which then again should get redirected to multiple Squid servers
in some balanced way.

Now I have dropped the idea of LVS-NAT. I am just concentrating on LVS-DR

thank you once again,
Bikrant
