LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Connecting to VIP from Real Servers

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Connecting to VIP from Real Servers
From: Stephen Amadei <stephenamadei@xxxxxxxxxxx>
Date: Wed, 20 Aug 2008 16:05:32 -0400
 
That's the interesting rub with my setup... the realserver and database are not 
on the same network, as they are on separate vlans.  Both real servers, both 
load balancers and the switch in between all this is vlan'd.  The four Linux 
servers use 802.1q trunks.
 
To diagram...  
 
                                  GW 1.1.1.1
                                         |
    1.1.1.2                  VIP 1.1.1.10 for http port                     
1.1.1.3
       LB1----------------1.1.1.20 for mysql port------------------LB2  
10.0.1.2 vlan 100        vlan 100 GW: 10.0.1.1                  10.0.1.3 vlan 
100
  10.0.2.2 vlan 200        vlan 200 GW: 10.0.2.1                  10.0.2.3 vlan 
200
         |                                                                      
            |
     ----------------------------Cisco 2950----------------------------
         |                                                                      
            |
         |                                                                      
            |
  Real Server 1                                                                 
  Real Server 2
  10.0.1.11 listen http vlan 100                        10.0.1.12 listen http 
vlan 100
  10.0.2.11 listen mysql vlan 200                     10.0.2.12 listen mysql 
vlan 200
 
All networks are /24s.
 
As best as I understand...  Both Real Servers are configured to use the 
1.1.1.20 mysql server.  Packet 10.0.1.11->1.1.1.20 via 10.0.1.1.  I assume this 
gets NAT'd as 1.1.1.2.  The LB forwards this to one of the real mysql servers.  
1.1.1.20->10.0.2.2, but the dest is the NAT address 1.1.1.2.  It does its work 
and sends the packet back... 10.0.2.2->1.1.1.2 via 10.0.2.1.  Then it gets 
unNAT'd back to the real server... 
1.1.1.2->10.0.1.2.
 
Of course, this doesn't work.
 
I think the problem is that my NAT rule is not working due to the packet coming 
from the inner interface... but I am likely wrong.  ;-)
 
Stephen
> From: daniel.watson@xxxxxxxx> To: stephenamadei@xxxxxxxxxxx> Date: Wed, 20 
> Aug 2008 11:46:48 -0700> Subject: Re: [lvs-users] Connecting to VIP from Real 
> Servers> > >>I assume you have some sort of web application that uses a 
> database. Why> >>not have you're both RS web apps using a MySQL connection to 
> localhost.> >>Then you modify UltraMonkey to use not a simple tcp check, but 
> a much> >>deeper app-levle check, that check as well the db connection. In 
> case of> >>an issue with the DB, the RS will be de-activated, and will only 
> remain> >>the RS that has a healthy DB connection.> > >Actually, that is what 
> I am running right now... but I really wanted to> >be able to run MySQL 
> separate from HTTP... just in case I end up with a> >situation where HTTP is 
> broken on server A and MySQL is broken on server> >B.> >> >Stephen> > This is 
> probably a routing issue.> From outside your network the data path looks 
> like> Client -> vip -> loadbalancer -> realserver -> database> Client <- vip 
> <-
  LB <- Realserver <- database> When you try to load balance the database 
server it goes like this> > Client -> vip -> LB -> RS -> vip -> LB -> Database> 
Client x vip x lb x RS <- database> > Since the realserver and database are on 
the same network the database is sending directly> to the realserver. While the 
realserver is expecting a reply from the vip.> So this cannot work with nat, 
and probably not work with most other configs.> They all rely on the load 
balancer being the man in the middle to twiddle the packets.> > -dan
_________________________________________________________________
Get ideas on sharing photos from people like you.  Find new ways to share.
http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [lvs-users] Connecting to VIP from Real Servers, Stephen Amadei <=