Re: traffic between LVS clusters

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: traffic between LVS clusters
From: Tom <bigendian+lvs@xxxxxxxxx>
Date: Wed, 27 Sep 2006 18:48:51 -0700

I assume you are asking how to keep real servers from sending packets
directly back to the client which happen to be on the same LAN.  The problem
being that the client (a real server in this case) is trying to connect to a
VIP address but is getting response packets from another real server's IP
address which of course won't work.

From a network perspective, you could solve this in a number of ways.  The
trick is to make the packets on the connections between the two groups of
real servers always traverse your LVS director.

One solution would be to NAT the source IP addresses of the real servers
that will be connecting to the secondary VIP to something local to the
director so that the real servers don't see the actual client IP.  This is
usually a bad solution as your application will not be able to record the IP
address of the clients, but might work for you since you should be able to
limit the source NAT'd addresses to your real servers.  Interestingly, you
will be literally NAT'ing both the source and destination addresses for
different reasons with this solution.

You could also force the two groups of real servers to always route packets
through the director via static routes.

Most easily, however, you could simply put the different real server groups
on different subnets so that they always route via the director even though
they are on the same LAN as each other.


On 9/27/06, Rodney Mckee <rodney.mckee@xxxxxxxxxxxxxx> wrote:


I'm looking to have http traffic from 3 real servers from one site
access 2 real servers for another site using the same director.
We are looking to have the main site issue requests to a second
clustered layer and I was looking to set up a second VIP with associated
real servers and have the traffic load balanced using the existing LVS

The setup is using LVS-NAT.

target     prot opt source               destination

target     prot opt source               destination
ACCEPT     all  --
MASQUERADE  all  --         anywhere
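
The reply above turns on one question: does the answering real server's reply to the connecting real server pass back through the director? The sketch below is an added example, not code from the thread or from LVS. It models only route selection on the answering server; all addresses, the "director" hop label and the function names are constructed for illustration.

```python
import ipaddress

# All addresses are constructed for illustration.
VIP = "192.168.10.100"   # second virtual service, held by the director


def next_hop(routes, dst):
    """Longest-prefix match over (network, hop) pairs."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in routes]
    matches = [m for m in nets if dst in m[0]]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_source_seen(client_ip, server_if, static_routes=(), snat=False):
    """Source address the connecting real server sees on the reply packet.

    client_ip     -- real server that opened the connection to the VIP
    server_if     -- answering real server's address/prefix
    static_routes -- extra (network, hop) routes on the answering server
    snat          -- director also rewrites the source to its own address
    """
    iface = ipaddress.ip_interface(server_if)
    if snat:
        # The answering server only ever sees the director's address, so
        # the reply is addressed to the director and both NATs are undone.
        return VIP
    # Answering server's table: connected subnet, default via the director,
    # plus any static routes.
    routes = [(str(iface.network), "on-link"), ("0.0.0.0/0", "director")]
    routes.extend(static_routes)
    if next_hop(routes, client_ip) == "director":
        return VIP            # director reverses the destination NAT
    return str(iface.ip)      # delivered on-link with the real server's own IP


def connection_works(client_ip, server_if, static_routes=(), snat=False):
    """The client connected to the VIP, so only replies from the VIP match."""
    return reply_source_seen(client_ip, server_if, static_routes, snat) == VIP


if __name__ == "__main__":
    client = "192.168.1.11"
    print("same subnet   :", connection_works(client, "192.168.1.21/24"))
    print("other subnet  :", connection_works(client, "192.168.2.21/24"))
    print("static route  :", connection_works(
        client, "192.168.1.21/24", [("192.168.1.11/32", "director")]))
    print("source NAT    :", connection_works(client, "192.168.1.21/24", snat=True))
```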

