Re: [lvs-users] would this configuration work for lvs-dr?

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: [lvs-users] would this configuration work for lvs-dr?
From:	"William Ottley" <williamottley@xxxxxxxxx>
Date:	Sun, 6 Jan 2008 10:30:27 -0500

Thanks for your time Graeme,
if i'm correct, then what you're saying is IP spoofing? or is that different?
I thought I read that since the real server is sending the VIP
address, this is considered IP spoofing, and some ISP's block that
traffic? or is it something completely different?


Thanks

William

On Jan 6, 2008 10:12 AM, Graeme Fowler <graeme@xxxxxxxxxxx> wrote:
> William
>
> On Sun, 2008-01-06 at 09:36 -0500, William Ottley wrote:
> > Now I don't want the realservers sending back to the CIP directly,
> > because this will expose the IP of the realserver, which I can't have.
>
> You have fundamentally misunderstood something here - and this isn't
> LVS, it's TCP/IP.
>
> When the replies to the client leave the realserver in a DR setup, the
> source IP address is the VIP. If it was the realserver's IP address the
> TCP connection would never complete and the client would not be able to
> connect at all.
>
> This is why each realserver needs a loopback alias (in standard
> practice) of all the VIPs it is serving. Without that, nothing will
> work.
>
> > So, in essence, the LVS has to be a GW for all the traffic. is this
> > possible?
>
> It is, but it isn't necessary.
>
> > better yet, if I create an LVS with just 1 nic, and if the realserver
> > sends directly to the CIP: would doing a tracedump, or a network
> > sniffer who the realserver IP?
>
> Step away from the problem ;-)
>
> If I were you I'd strip this right back to basics. Get a single director
> and a single realserver setup, then get a single client from outside the
> same networks to talk to it. Build from there.
>
>
> Graeme
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



-- 
---------------
Morpheus: After this, there is no turning back. You take the blue pill
- the story ends, you wake up in your bed and believe whatever you
want to believe. You take the red pill - you stay in Wonderland and I
show you how deep the rabbit-hole goes.

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] would this configuration work for lvs-dr?, William Ottley Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler Re: [lvs-users] would this configuration work for lvs-dr?, William Ottley Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler Re: [lvs-users] would this configuration work for lvs-dr?, William Ottley <= Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler Re: [lvs-users] would this configuration work for lvs-dr?, William Ottley Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler

Previous by Date:	Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler
Next by Date:	[lvs-users] SuSE Linux with LVS and Heartbeat, John Moore
Previous by Thread:	Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler
Next by Thread:	Re: [lvs-users] would this configuration work for lvs-dr?, Graeme Fowler
Indexes:	[Date] [Thread] [Top] [All Lists]