Can you show me or point me to the packet flow diagram which describes where
ipvs hooks up to the incoming packets and where iptables/netfilter hook up
to the packets?
On Fri, Feb 13, 2009 at 1:40 AM, Graeme Fowler <graeme@xxxxxxxxxxx> wrote:
> On Thu, 2009-02-12 at 18:06 -0800, Praveen Sooryanarayana wrote:
> > Yes, it's on the real servers. And the LVS also works fine.
>
> But...
>
> > Also, if I send requests to <Virtual ip>:8080, everything works fine.
>
> Your original message says:
>
> > Output of ipvsadm -L -n:
> >
> > IP Virtual Server version 1.2.1 (size=4096)
> > Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> > TCP 10.10.50.100:8080 rr
> > -> 10.10.50.11:8080 Route 1 0 0
> > -> 10.10.50.12:8080 Local 1 0 0
>
> ...and...
>
> > iptables -t nat -A PREROUTING -p tcp -d 10.10.50.100 --dport 80 -j
> > DNAT --to 10.10.50.100:8080
>
> Taken together, this implies that the rule is running on the *director*
> and not on the realservers such that an incoming packet to the VIP hits
> the director on port 80, gets mapped to 8080 and then load balanced
> (this is what you want, isn't it?).
>
> It won't work on a number of counts:
>
> 1. netfilter and ipvs hook packets in different places in the traffic
> flow. It's rarely possible to mangle a packet with DNAT and then get
> ipvs to pick it up, because the packet has already traversed the ipvs
> hook and been missed [Joe, remind me sometime to work up that packet
> flow diagram].
>
> 2. You're using gate, or LVS-DR. This means the realservers respond
> directly to the clients - and if they're responding from port 8080, the
> responses will be ignored by the clients as they expect a response from
> port 80.
>
> I'd say that in this case, although it increases the complexity a bit,
> you'd be better off making Tomcat listen on port 80 or make use of
> Apache's mod_jk to hook Apache on port 80 and Tomcat on 8080 together.
>
> Graeme
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
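The two conditions listed in the quoted reply, written as a configuration check over the ipvsadm table and the DNAT rule from the thread. This is an added example, not part of the original messages; the function names and finding labels are hypothetical, and the sample input is re-typed from the thread with constructed spacing.

```python
import re
import shlex

# Constructed sample input: the ipvsadm table and DNAT rule quoted in the thread.
IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  10.10.50.100:8080 rr
  -> 10.10.50.11:8080 Route 1 0 0
  -> 10.10.50.12:8080 Local 1 0 0
"""
RULES = ["iptables -t nat -A PREROUTING -p tcp -d 10.10.50.100 --dport 80 "
         "-j DNAT --to 10.10.50.100:8080"]

def parse_ipvs(text):
    """Map (proto, vip, port) -> [(real_ip, real_port, forward_method), ...]."""
    services, current = {}, None
    for line in text.splitlines():
        svc = re.match(r"(TCP|UDP)\s+([\d.]+):(\d+)", line)
        real = re.match(r"\s*->\s+([\d.]+):(\d+)\s+(\w+)", line)
        if svc:
            current = (svc.group(1).lower(), svc.group(2), int(svc.group(3)))
            services[current] = []
        elif real and current:
            services[current].append((real.group(1), int(real.group(2)), real.group(3)))
    return services

def parse_dnat(rule):
    """Return (proto, dst, dport, to_ip, to_port) for a PREROUTING DNAT rule, else None."""
    tok = shlex.split(rule)
    opt = {k: v for k, v in zip(tok, tok[1:]) if k.startswith("-")}
    to = opt.get("--to-destination") or opt.get("--to") or ""
    ip, _, port = to.partition(":")
    ok = opt.get("-A") == "PREROUTING" and opt.get("-j") == "DNAT"
    if not (ok and port.isdigit() and opt.get("--dport", "").isdigit()):
        return None  # other chains, port ranges and port-less targets are out of scope
    return opt.get("-p"), opt.get("-d"), int(opt["--dport"]), ip, int(port)

def audit(ipvs_text, rules):
    """Flag the two conditions listed in the reply; returns (kind, detail) tuples."""
    services, findings = parse_ipvs(ipvs_text), []
    for proto, dst, dport, to_ip, to_port in filter(None, map(parse_dnat, rules)):
        if (proto, to_ip, to_port) in services:  # point 1: DNAT aimed at an ipvs service
            findings.append(("dnat-into-ipvs", f"{dst}:{dport} -> {to_ip}:{to_port}"))
            # point 2: LVS-DR ("Route") realservers answer the client from their own port
            findings += [("dr-port-mismatch", f"{rip}:{rport} answers a client that used port {dport}")
                         for rip, rport, fwd in services[(proto, to_ip, to_port)]
                         if fwd == "Route" and rport != dport]
    return findings
```

Calling audit(IPVSADM, RULES) on the thread's configuration returns one finding of each kind; the "Local" entry is not flagged because the reply's second point concerns only the routed (LVS-DR) realserver.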