Re: LVS-TUN setup - responses from realserver not being let through

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-TUN setup - responses from realserver not being let through
From: Per Jessen <per@xxxxxxxxxxxx>
Date: Tue, 19 Sep 2006 08:40:48 +0200
Joseph Mack NA3T wrote:

> On Mon, 18 Sep 2006, Per Jessen wrote:
> 
>> OK, just a quick feedback - the datacenter has confirmed they've got
>> a router check for "IP Spoofing" enabled, which prevents the real
>> server responses from getting through.  I've now ordered 5 servers on
>> the same physical network, which will then hopefully work.  If not, I
>> guess I could resort to LVS-NAT.
> 
> the problem is not the RIPs on the realservers, which can be
> anything (presumably belonging to the datacenter's IP
> range), but the packets with src_addr=VIP going to 0/0. 

Part of the standard deal at this datacenter is that you can have a
6-address subnet made available per server for free.  However, in order
for a number of servers to share this, they need to be physically on
the same net too.  The RIPs will be whatever, but my VIPs will be from
that extra subnet. 
I can't quite work out if their IP Spoofing prevention will screw up
things in this situation too, but at least I have LVS-NAT as a last
resort.  Both LVS-DR and LVS-TUN seem to me to be more elegant
solutions, but ...

> The datacenter doesn't have the VIP in its range, it's in your
> range, but it's coming out of the machines in their
> datacenter.

In this case the VIPs are in a range that was dished out by the
datacenter. 


/Per
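
The router source check discussed in this thread, modelled as an added example (not part of the original message and not LVS code). It shows why a reply leaving a realserver with src_addr=VIP is dropped unless the VIP's range is one the router expects behind that port, and why LVS-NAT is unaffected on that port. All addresses are constructed from documentation ranges, the 6-address subnet is assumed to be a /29, and whether the datacenter's filter lists that subnet on the realservers' port is an assumption the thread leaves open.

```python
import ipaddress

def ingress_permits(src, port_prefixes):
    """Anti-spoofing check on a router port: accept a packet only if its
    source address lies in a prefix the router expects behind that port."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in port_prefixes)

def reply_source(mode, vip, rip):
    """Source address of the reply as it leaves the realserver."""
    if mode in ("tun", "dr"):   # realserver answers the client directly as the VIP
        return vip
    if mode == "nat":           # realserver answers as its RIP; the director rewrites it
        return rip
    raise ValueError(f"unknown forwarding mode: {mode}")

def reply_passes(mode, vip, rip, port_prefixes):
    """True if the realserver's reply survives the source check on its port."""
    return ingress_permits(reply_source(mode, vip, rip), port_prefixes)

# Constructed addresses (documentation ranges), not taken from the thread.
RIP = "192.0.2.10"
RIP_NET = "192.0.2.0/24"          # range the router expects behind the realserver port
EXTRA_SUBNET = "203.0.113.0/29"   # stands in for the 6-address subnet (assumed /29)
VIP_OWN = "198.51.100.5"          # VIP from a range outside the datacenter
VIP_EXTRA = "203.0.113.2"         # VIP taken from the extra subnet

def scenarios():
    """Evaluate the setups mentioned in the thread against the source check."""
    return {
        "tun, VIP outside datacenter range":
            reply_passes("tun", VIP_OWN, RIP, [RIP_NET]),
        "tun, extra subnet not listed on port":
            reply_passes("tun", VIP_EXTRA, RIP, [RIP_NET]),
        "tun, extra subnet listed on port":
            reply_passes("tun", VIP_EXTRA, RIP, [RIP_NET, EXTRA_SUBNET]),
        "nat, reply leaves as RIP":
            reply_passes("nat", VIP_OWN, RIP, [RIP_NET]),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'forwarded' if ok else 'dropped'}")
```

The model covers only the router port facing the realserver; with LVS-NAT the director's own port still has to be allowed to send traffic sourced from the VIP.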

