|
On Sat, 2006-01-21 at 13:16 -0800, Joseph Mack NA3T wrote:
> so why doesn't Judd need the rules on the director that you
> needed?
Because in a single VIP LVS-NAT, with that VIP assigned locally on the
realservers on a dummy interface (or loopback alias), the realservers
will always answer requests for the VIP locally.
In a two-VIP case (the simplest multiple), if you have two "groups" [0]
of realservers, then the director becomes involved by virtue of it being
the default gateway for the realservers.
At the point the director gets involved you need some way of determining
which interface your traffic is on, and segregation via fwmark seems the
most elegant way to achieve this (given the known and predictable
failure of realservers as clients in LVS-NAT). I know I struggled for
months before realising that I could, in effect, combine the use of NAT
via an external interface for my real clients, and DR via an internal
interface for my "realservers as clients".
[0] I use the word groups in quotes and advisedly, since it appears that
Alteon use that in their setup terminology from previous posts.
Graeme
|
