Re: Multiple ports on real servers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Multiple ports on real servers
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 23 Nov 2006 08:51:52 -0800 (PST)
On Thu, 23 Nov 2006, Mindaugas wrote:

> Hello,
>
> Accidentally replied privately to ratz so repeating my e-mail here. :)
>
> I need the following setup preferably with LVS-NAT:
> VIP:80   --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82

VIP:80 goes to 6 realservers (which are running on 2 boxes, but the director doesn't know that).

> VIP:8080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82
> VIP:9080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82
>
> 3 open ports on real servers because I'd like to run 3 instances of
> Squid on each to better utilize 4 cores (plus one more application which
> will use 4th core).
> I cannot do just VIP:80-->RS1:80, VIP:8080-->RS1:8080 because traffic
> on those ports is very different.
>
> Now I have the following iptables and IPVS rules on director:
> -A PREROUTING -p tcp -m multiport --dports 80,8080,9080 -j MARK --set-mark 0x1
>
> -A -f 1 -s wlc -p 15
> -a -f 1 -r RS1:0 -m -w 1
> -a -f 1 -r RS2:0 -m -w 1
>
> And iptables on real servers:
> -A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp -m multiport --dports 80,8080,9080 -j REDIRECT --to-ports 80
> -A PREROUTING -s 0.0.0.1/0.0.0.1 -p tcp -m multiport --dports 80,8080,9080 -j REDIRECT --to-ports 81
>
> So I'm missing one Squid and load balancing is separated onto both director
> and real servers. I'd prefer to have it in one place - on director.

You haven't told us which parts are working and which aren't.

Your setup is more complicated than I can understand without actually running the commands on a setup (which I don't have), so my reply is mostly a guess...

Have you tested your setup in pieces first, e.g. have you done the 6 realserver setup in the first line? After you have an example working, then convert it to the fwmark format.

You have your packets going through a fwmark. It's probably in the HOWTO somewhere saying whether you can rewrite ports on a fwmarked packet (but I don't remember anyone trying it). I would check whether you can do that, since the information on the source port is not available to the ipvsadm if you use the fwmark format. No one uses the RS1:0 format for ipvsadm anymore. It may or may not work for what you want.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
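
Added example, not part of the original messages: a small Python model of the two real-server REDIRECT rules quoted in the message above, showing that a one-bit source mask (0.0.0.1) can only split clients into two groups, so a Squid listening on port 82 receives nothing. The client addresses are constructed, the function names are hypothetical, and every packet is assumed to arrive on one of the ports in the multiport list.

```python
import ipaddress
from collections import Counter

# The two real-server rules quoted in the message:
# (source address, source mask, REDIRECT --to-ports value).
RULES = [
    ("0.0.0.0", "0.0.0.1", 80),
    ("0.0.0.1", "0.0.0.1", 81),
]
SQUID_PORTS = (80, 81, 82)  # the three Squid instances the poster wants to use


def redirect_port(client_ip, rules=RULES):
    """Return the port of the first rule whose masked source matches, else None."""
    src = int(ipaddress.IPv4Address(client_ip))
    for addr, mask, port in rules:
        a = int(ipaddress.IPv4Address(addr))
        m = int(ipaddress.IPv4Address(mask))
        # iptables "-s addr/mask" matches when (src & mask) == (addr & mask);
        # the mask does not have to be a contiguous prefix.
        if src & m == a & m:
            return port
    return None


def distribution(clients, rules=RULES):
    """Count how many clients land on each Squid port under the given rules."""
    counts = Counter({p: 0 for p in SQUID_PORTS})
    for ip in clients:
        port = redirect_port(ip, rules)
        if port is not None:
            counts[port] += 1
    return dict(counts)


# Constructed sample clients from the documentation range, not from the thread.
SAMPLE_CLIENTS = [f"192.0.2.{n}" for n in range(1, 21)]

if __name__ == "__main__":
    # Even last octets go to port 80, odd ones to port 81, none to port 82.
    print(distribution(SAMPLE_CLIENTS))
```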