[lvs-users] LVS-NAT One network question..

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] LVS-NAT One network question..
From: "Benjamin Smith" <defitro@xxxxxxxxx>
Date: Tue, 22 Jul 2008 14:52:38 -0400
Recently I have begun exploring the use of LVS to provide HA Load balancers
for our internal middleware app layer.  The real servers that I require load
balancing for are on the same network as the director, the clients and in
one extreme case, the same machine on different ports.

Currently I have a very simple implementation without the use of HA
capabilities via keepalived.   The only way I could make it work was
outlined here:
instructs me to disable icmp forwarding on my director and set my one
and only route (default) on the real servers to the director.  This doesn't
feel right.  I believe I read correctly that if I need to, I can have individual
host routes to DBs, NFS, etc, is that correct?  That is still kind of a
pain, but eases it somewhat..

Is there another, less restrictive way to make LVS-NAT on one network work?

Versions, etc:

Director Kernel: 2.6.18-53.el5 #1 SMP
ipvs: IP Virtual Server version 1.2.1 (size=4096)
keepalived: 1.1.15

global_defs {
   notification_email {
   smtp_connect_timeout 30
   ! Must be unique for every director
   lvs_id lvsdev01

! Setup virtual int
vrrp_instance vip_one {
        state MASTER
        interface eth0
        lvs_sync_daemon_inteface eth0
        virtual_router_id 51
        priority 150
        advert_int 1
        ! For other server connections
        !authentication {
        !        auth_type PASS
        !        auth_pass example
        ! VIP.
        virtual_ipaddress {
       dev eth0

! Setup the virtual server for ipvs.
virtual_server 17000 {
    delay_loop 6
    ! Weighted Least Connections
    lb_algo wlc
    ! Servers will talk through me and I'll do the NATing.
    lb_kind NAT
    ! Main protocol will be TCP
    protocol TCP
    persistence_timeout 0
    ! Suspend on failure
    ! Real server
    real_server 17000 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 17000

    real_server 17001 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 17001

Benjamin Smith
