
Re: [lvs-users] LVS with NAT - Help needed

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS with NAT - Help needed
From: "Fernando Gomes" <fernando.gomes@xxxxxxxxx>
Date: Mon, 17 Sep 2007 18:09:59 +0100
Hi Joe, thanks for your reply; my comments are in the body of the message.

Fernando

> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Joseph Mack NA3T
> Sent: Monday, 17 September 2007 13:15
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] LVS with NAT - Help needed
> 
> On Mon, 17 Sep 2007, Fernando Gomes wrote:
> 
> > I am using the following setup using NAT in the directors, and it is
> > working well (no performance tests made yet). In the final setup I
> > intend to have the loadbalancers with dual NICs one for the 192.168.1.0
> > network and other to the 192.168.0.0 network, for now the test was made
> > with 192.168.0.X as an alias on eth0.
> 
> you'll have less opportunities for trouble if you use
> secondary IPs.
Ok, but can you clarify why? 

> 
> > The internal VIP (IVIP) was
> > defined as the default gateway for the realservers, and also the
> > iptables on the LoadBalancer was used:
> >
> >
> >
> > iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24
> 
> don't use iptables rules until your LVS is working.
I agree, it is one less thing to think about when trying to diagnose the
problem, I'll try to remember it :-)

> 
> > I have one problem that I don't know if it can be solved, so I'm asking
> > your opinion. I'm using also OpenVZ on all servers (including the
> > Loadbalancers), but LVS is installed on the Hardware Node, not using
> > OpenVZ at all. The problem I have is if I put a VE (virtual environment
> > ~= virtual machine) on the standby loadbalancer and run on it a
> > realserver.
> 
> I don't understand this sentence or know what the "it" is.
Sorry, I'll try to clarify it, since this is the root of the problem.
I'm running a virtual machine in the loadbalancer node that is not
active (the standby loadbalancer), and that virtual machine is running a
realserver (webserver) (the same virtual machine on the active
loadbalancer works well). The test page requests work well, they come
from the same network. The client requests that are transformed by the
director are received, but the answer goes directly to the router, does
not return to the director.

I've decided not to use realservers on the loadbalancer, but just want
to know if this is possible, to facilitate upgrades or repairs (making a
temporary live migration of virtual machines to any hardware node,
including the nodes where the loadbalancer is running).

> 
> > When the director sends a client request to the realserver
> > running on the standby loadbalancer (for example with Loadbalancer1
> > active and realserver with IP 192.168.0.150 running on a VE on
> > Loadbalancer2) the request fails. Using tcpdump I found that the
> > connection request arrives to the realserver (loadbalancer2 node in that
> > case), but it answers it directly to the router (using router MAC
> > address), so there is no translation done by the loadbalancer1 as it
> > should.
> 
> does your setup appear to be a one-network LVS-NAT (see
> HOWTO)?
Physically it is similar (all nodes on the same physical network), but
the realservers are not in the same network as the VIP (realservers are
on network 192.168.0.0/24 and VIP is on the network 192.168.1.0/24). I'm
going to migrate all the IP addresses on the network 192.168.1.0/24 to
public IP addresses when I deploy this system, this is just a test
setup.

> 
> Joe
> 
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> 
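
The tcpdump check described in this message can be automated. The following is an added example, not part of the original post: it scans `tcpdump -e -n` output for realserver replies whose destination MAC is not the active director's, which in LVS-NAT means the reply will not be translated back. The MAC addresses, the client addresses, the second realserver 192.168.0.151 and the function name are constructed for illustration; 192.168.0.150 and 192.168.0.0/24 come from the thread.

```python
import ipaddress
import re

# One Ethernet/IPv4 line of `tcpdump -e -n`:
#   <ts> <src MAC> > <dst MAC>, ethertype IPv4 (...), length N: <src IP>.<port> > <dst IP>.<port>: ...
FRAME = re.compile(
    r"(?P<smac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dmac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):",
    re.IGNORECASE,
)

REALSERVER_NET = ipaddress.ip_network("192.168.0.0/24")  # realserver network from the thread
DIRECTOR_MAC = "02:00:00:00:00:01"  # constructed: NIC of the active director (holds the IVIP)

# Constructed capture: ...:fe stands for the router, ...:96 and ...:97 for two realservers.
SAMPLE = """\
18:09:01.000100 02:00:00:00:00:01 > 02:00:00:00:00:96, ethertype IPv4 (0x0800), length 74: 203.0.113.7.40000 > 192.168.0.150.80: Flags [S], seq 1, win 5840, length 0
18:09:01.000300 02:00:00:00:00:96 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.0.150.80 > 203.0.113.7.40000: Flags [S.], seq 9, ack 2, win 5792, length 0
18:09:02.000100 02:00:00:00:00:01 > 02:00:00:00:00:97, ethertype IPv4 (0x0800), length 74: 203.0.113.8.40001 > 192.168.0.151.80: Flags [S], seq 1, win 5840, length 0
18:09:02.000300 02:00:00:00:00:97 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.0.151.80 > 203.0.113.8.40001: Flags [S.], seq 9, ack 2, win 5792, length 0
""".splitlines()


def bypassing_replies(lines, director_mac=DIRECTOR_MAC, rs_net=REALSERVER_NET):
    """Return (realserver_ip, client_ip, dst_mac) for each reply that skips the director."""
    hits = []
    for line in lines:
        m = FRAME.search(line)
        if not m:
            continue  # not an Ethernet/IPv4 TCP or UDP line
        sip = ipaddress.ip_address(m["sip"])
        dip = ipaddress.ip_address(m["dip"])
        dmac = m["dmac"].lower()
        # Only realserver -> off-net client traffic has to pass back through the director.
        if sip in rs_net and dip not in rs_net and dmac != director_mac.lower():
            hits.append((str(sip), str(dip), dmac))
    return hits


if __name__ == "__main__":
    for rs, client, mac in bypassing_replies(SAMPLE):
        print(f"{rs} -> {client} sent to {mac}, not the director")
```

A flagged realserver is using a next hop other than the director for client replies, so its routing table is the first thing to inspect.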



