For my application the first request, from the initial client on the
internet, comes in as an http request and hits the VIP and gets loadbalanced
via LVS-NAT as intended. The second request, from the real server, is an
LDAP request that get's sent to an LVS-DR VIP to perform authentication as
part of the initial client connection. I need the 2nd layer of load
balancing more for high availability than for actual balancing of the load.
This is a requirement that I can't get around, therefore I have no choice
but to face any dificulties in getting it to work. What are these
Also, on a side note, at the risk of sounding like I am critiquing LVS
(which I am not, I have been a big fan and user for years and have
implemented it over an appliance from a big name 9 times out of 10), I read
somewhere that since LVS's inception into the mainstream Kernel that it
"sit's on top of the Netfilter framework". If this is true then one would
think that: if what goes up, in this case the packet flow, must come down,
then one would logically think that if the packets traverse the iptables
PREROUTING and INPUT tables, then they would also come down the OUTPUT and
POSTROUIING tables as well on their way out of the system. Again, I don't
want to sound like I am critisizing LVS at all but the
framework/architechture does'nt seem complete. Just an opinion, and I hope
that I didn't offend anybody especially in my time of need. Thanks.
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."
To: "LinuxVirtualServer.org users mailing list."
Subject: Re: SNAT Confusion
Date: Sat, 17 Mar 2007 17:23:55 -0700 (PDT)
On Fri, 16 Mar 2007, Rodre Ghorashi-Zadeh wrote:
I have been able to get the "Janusz" patch to work on Fedora
2.6.19-1.2288.2.4.fc5, but it looks like my problem still isn't solved. It
looks like this may be the time to explain my setup and requirement:
I am in the situation where my real servers are clients of the VIP, and
have the potential to loop back via the director onto themselves. It is
not a problem if:
realserver1 RIP -> Director VIP -> realserver2 RIP
realserver2 RIP -> Director VIP -> realserver1 RIP
realserver1 RIP -> Director VIP -> realserver1 RIP
realserver2 RIP -> Director VIP -> realserver2 RIP
people are always wanting the realserver to be a client of the VIP to
balance a 2nd layer of requests. This is a little difficult to do with LVS.
Since the first connection is already reasonably balanced, it occurs to me
that the 2nd request can just stay on the realserver (eg LVS-DR, when the
VIP is on the realserver). Possibly the 2nd connection won't be perfectly
balanced, but for the trouble you have to go to, to get it balanced, would
it be balanced well enough?
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
Get Out Of The House - Ski, Skate & Sun