Re: Questions about LVS-TUN

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Questions about LVS-TUN
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 12 Dec 2006 10:20:24 -0800 (PST)
On Tue, 12 Dec 2006, Bill Omer wrote:

> Currently I am using LVS-DR with much success.  One part I would
> like to build upon is the reals' dependencies on iptables using the
> nat table to accept VIP traffic.  I would like to find a way to allow
> the reals to accept VIP traffic without any modifications to the
> reals themselves.

> I am using the following on all of my reals to access traffic with a DST of VIP:
> iptables -t nat -A PREROUTING -d VIP -p tcp --dport 0:65535 -j REDIRECT

This may not be doing what you want. As of the 2.4 kernels the packet doesn't arrive with IP==VIP anymore. See the HOWTO for transparent proxy. This is OK for squids but not for LVS.

> Scenario (assuming wlc):
> A real boots but for some reason, the iptables are not applied.

You want LVS to handle both iptables applied/not applied? You haven't explained why so I don't know how important this is. If it's an error situation, then you're better off fixing the error at its cause, than handling it later. No machine should be in a state where iptables hasn't been run, if you told it to run.

> Now mon/keepalived sees the real is now responding again and re-adds the
> server back to the ipvsadm table.  Since this real doesn't have any
> active connections, all new connections are routed to this real.

rr helps here. Still the thundering herd problem has to be handled in user space (until someone writes a fix).

> Since the iptable rules did not run, now the service the client is
> trying to access is completely unavailable.


> I am not able to use LVS-NAT in my environment.  I would like to find a
> way to have VIP traffic routed to the reals without needing any
> modifications to the reals themselves, much like commercial load
> balancers work.

Maybe I don't understand your situation, but unless you handle the arp problem, traffic will go to the realservers.


> Is LVS-TUN able to do this?

I don't know what "this" is.

> Would the reals require a tunl0 interface
> as well as the director?

For LVS-Tun, only the realserver requires a tunl0 device (the director doesn't because traffic is one-way).

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
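
The two conditions raised in the reply above (the realserver carries the tunl0 device, and the ARP problem must be handled) written as a readiness check a monitor could run before re-adding a realserver to the ipvsadm table. This is an added example, not part of the original message or of the LVS project: the VIP 192.168.1.110, the function names, and the use of the `arp_ignore`/`arp_announce` sysctls as the way the ARP problem is handled are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. VIP value, sysctl thresholds and
# function names are assumptions.

# Constructed sample of `ip -o -4 addr show dev tunl0` output (not captured data).
SAMPLE_ADDR='4: tunl0    inet 192.168.1.110/32 scope global tunl0\       valid_lft forever preferred_lft forever'

# vip_on_tunl0 VIP ADDR_TEXT
# ADDR_TEXT is the output of: ip -o -4 addr show dev tunl0
vip_on_tunl0() {
    printf '%s\n' "$2" | awk -v vip="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit !found }'
}

# arp_hidden ARP_IGNORE ARP_ANNOUNCE
# Assumed way of handling the ARP problem: arp_ignore >= 1, arp_announce >= 2.
# Empty or non-numeric values count as "not hidden".
arp_hidden() {
    [ "$1" -ge 1 ] 2>/dev/null && [ "$2" -ge 2 ] 2>/dev/null
}

# real_ready VIP ADDR_TEXT ARP_IGNORE ARP_ANNOUNCE
# Returns 0 = ready, 1 = VIP missing on tunl0, 2 = would answer ARP for VIP.
real_ready() {
    if ! vip_on_tunl0 "$1" "$2"; then
        echo "FAIL: $1 is not configured on tunl0"; return 1
    fi
    if ! arp_hidden "$3" "$4"; then
        echo "FAIL: realserver may answer ARP for $1"; return 2
    fi
    echo "OK: $1 on tunl0, ARP suppressed"
}

# check_live VIP: collect the three inputs from the running system.
# Simplification: only conf/all is read, not per-interface overrides.
check_live() {
    real_ready "$1" \
        "$(ip -o -4 addr show dev tunl0 2>/dev/null)" \
        "$(cat /proc/sys/net/ipv4/conf/all/arp_ignore 2>/dev/null)" \
        "$(cat /proc/sys/net/ipv4/conf/all/arp_announce 2>/dev/null)"
}

# With a VIP argument, check this host; without one, run on the constructed sample.
if [ -n "${1:-}" ]; then check_live "$1"; else real_ready 192.168.1.110 "$SAMPLE_ADDR" 1 2; fi
```

A non-zero exit status lets the monitor keep the realserver out of the pool until its configuration is complete, instead of discovering the problem after new connections have been scheduled to it.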
