
Re: [lvs-users] Does "NAT" lvs use NAT?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Does "NAT" lvs use NAT?
From: "Julius Volz" <juliusv@xxxxxxxxxx>
Date: Fri, 5 Sep 2008 19:01:11 +0200
On Fri, Sep 5, 2008 at 6:01 PM, David Dyer-Bennet <dd-b@xxxxxxxx> wrote:
>
> On Fri, September 5, 2008 10:47, Julius Volz wrote:
>> On Fri, Sep 5, 2008 at 5:45 PM, Julius Volz <juliusv@xxxxxxxxxx> wrote:
>>> On Fri, Sep 5, 2008 at 5:42 PM, David Dyer-Bennet <dd-b@xxxxxxxx> wrote:
>>>> Should I expect to see something in iptables -t nat -L created by LVS?
>>>> Because even when traffic is being accepted and directed properly, I
>>>> don't.
>>>
>>> Nope, LVS does its own connection tracking.
>>
>> ...and NAT.
>
> Where does that come in the block diagram of Linux network packet handling?

IPVS currently just snatches packets away from the INPUT chain (that's
why the director has to have the VIP configured) if it sees that it is
responsible for them, otherwise it just lets them be processed as
normal. It then does all the fiddling and outputs the packet manually,
skipping the "normal" forwarding code of Linux. It basically does
everything itself: connection tracking, NAT/DR/Tun, routing (although
it calls into the normal routing code for that).

> Documentation note:  I've been reading "NAT" as referring to the other
> Linux network service in netfilter, rather than as a more generic use of
> the term.  I'd suggest making this a bit clearer in the documentation --
> that LVS NAT does NOT use the normal Linux NAT that people have mostly at
> least heard of.

Might be a good idea (don't know who can do this, though)...

> Does it conflict with setting up regular NAT to support outbound
> connections originating from the realservers (such as to a database)?
> Does it block routing to external addresses other than through the NAT
> entries?  And where can I see those entries (I don't see any way to list
> them with ipvsadm which is the only tool I know to talk to ip_vs).

It shouldn't interfere much with non-IPVS things (others, correct me
if I'm wrong). If IPVS doesn't recognize a packet as belonging to an
IPVS connection/service, the packet is just processed as normal.

> Should I not be trying to do this with NAT, use DR instead?  I've been
> trying to avoid having to muck about with the installation of each of the
> realserver OS installs that DR seems to require, but I can do it if I need
> to; it seems to be documented.  (Linux and Windows Server 2003).

Probably not necessary?

Julius

-- 
Julius Volz - Corporate Operations - SysOps

Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1
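Added example (not part of this thread and not LVS project code): since IPVS keeps its own connection table rather than using netfilter's, the place to look for its NAT entries is the kernel's own export of that table, not `iptables -t nat -L`. This script decodes the format IPVS uses for `/proc/net/ip_vs_conn` (whitespace-separated columns with hex IPv4 addresses and ports, a layout I assume here; later kernels append extra persistence-engine columns, which the parser ignores). The sample table below is constructed for the example.

```python
"""Decode IPVS's own connection table (/proc/net/ip_vs_conn).

Assumption: the table is whitespace-separated with columns
Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires [...], where
addresses and ports are hex. The SAMPLE text is constructed.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple


class IpvsConn(NamedTuple):
    proto: str
    client: str    # FromIP:FPrt - the real client
    virtual: str   # ToIP:TPrt   - the VIP:port the client connected to
    real: str      # DestIP:DPrt - the real server IPVS forwards to
    state: str
    expires: int   # seconds until the entry times out


def _hex_endpoint(ip_hex: str, port_hex: str) -> str:
    """Turn 'C0A80001' / '0050' into '192.168.0.1:80'."""
    ip = ipaddress.IPv4Address(int(ip_hex, 16))
    return f"{ip}:{int(port_hex, 16)}"


def parse_ip_vs_conn(text: str) -> List[IpvsConn]:
    """Parse /proc/net/ip_vs_conn contents into IpvsConn records.

    Only the first nine columns are used, so the extra PEName/PEData
    columns of newer kernels do not break parsing.
    """
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Pro":  # skip blank and header lines
            continue
        proto, fip, fpt, tip, tpt, dip, dpt, state, expires = fields[:9]
        conns.append(IpvsConn(
            proto,
            _hex_endpoint(fip, fpt),
            _hex_endpoint(tip, tpt),
            _hex_endpoint(dip, dpt),
            state,
            int(expires),
        ))
    return conns


def conns_by_real_server(conns: List[IpvsConn]) -> Dict[str, int]:
    """Count live IPVS connections per real-server endpoint."""
    return dict(Counter(c.real for c in conns))


# Constructed sample: two client connections to VIP 10.0.0.1:80,
# rewritten by IPVS to two different real servers.
SAMPLE = """\
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires
TCP C0A80001 0400 0A000001 0050 0A000102 0050 ESTABLISHED     899
TCP C0A80005 C001 0A000001 0050 0A000103 1F90 TIME_WAIT        20
"""


if __name__ == "__main__":
    # On a director you would read open("/proc/net/ip_vs_conn").read()
    for c in parse_ip_vs_conn(SAMPLE):
        print(f"{c.proto} {c.client} -> {c.virtual} => {c.real} "
              f"{c.state} ({c.expires}s)")
    print(conns_by_real_server(parse_ip_vs_conn(SAMPLE)))
```

On a director, replace `SAMPLE` with the contents of `/proc/net/ip_vs_conn` (or use `ipvsadm -L -c`, which prints the same table decoded). The `DestIP:DPrt` column is the rewritten destination, which is exactly the state that would live in the netfilter NAT table if LVS used it.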

