Re: [lvs-users] ipvs or apache/mod_proxy/mod_balancer

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipvs or apache/mod_proxy/mod_balancer
From: John Du <jjohndu@xxxxxxxxx>
Date: Fri, 3 Jul 2009 22:30:26 -0700
OK. Now I see the whole picture.

Your director is on both a public and a private network and all the real
servers are on the private network only. The LVS-NAT mode works in your
situation but you don't want that.

LVS-DR with real servers having public IPs also works but you don't want
that either.

You want to use LVS-DR mode but don't want to give the real servers public
IPs. I am not sure that is theoretically possible because the VIP for the
director is a public IP.

To use LVS-DR for your director and real servers, I would do it this way.

Choose a VIP in the private network for the director. Let either router NAT
the incoming traffic to the director.  So all incoming traffic is from
clients to router to director to real servers; all outgoing traffic will go
from the real servers to router to clients.

You can even save the public IP you use for the director and make the
director accessible from the Internet on ports you specifically NAT from the
router. Since you are concerned about saving public IPs and restricting access
to the real servers, this solution improves both aspects.

I am sure you have considered this way and this is not what you want either
for some reason.

On Thu, Jul 2, 2009 at 6:01 PM, Olaf Krische <public@xxxxxxxxxx> wrote:

>
>
> John Du-4 wrote:
> >
> > Why do you have to use public IPs for the real servers in a LVS-DR
> > setup?  LVS-DR does not require the real servers to have public IPs.  It
> > only requires that the load balancer and the real servers are on the
> > same sub-net.
> >
>
> You guys really must think, I try to tease you, mh?
>
> I would offer free beer, if I could, by receiving the patience
> to follow me (yet)
>
> If not using the public IPs, I could not route to the client.
>
> This is how my brain imagines the routing:
>
> 1)
>
> Without public IP address on real server:
>
> Router's IP and director's IP are in the same network; director and
> realserver are in the same LAN.
>
> a) client traffic from Internet to VIP arrives at router A.
>
> b) traffic is passed to the director.
>
> c) director rewrites and passes the client traffic to the chosen realserver
> in the LAN.
>
> d) realserver answers to the client by using its default route, which
> points to router B.
>
>    It cannot use router A for the answer, router A is not reachable from
> LAN.
>
>    Router B does NAT only. It translates LAN-IP to router B's IP and then
> forwards to router A.
>
> e) realserver answers to the client by sending traffic to router B
>
> f) Router B receives traffic, which looks like traffic coming from VIP to a
> client in the internet.
>
> Router B does not know what to do. No traffic arrives to client.
>
> Lost.
>
> 2)
>
> With public IP address on real server:
>
> router's IP, director's IP and realserver's IP are in the same network.
>
> a) client traffic from Internet to VIP arrives at router A.
>
> b) traffic is passed to the director.
>
> c) director rewrites and passes the client traffic to the chosen
> realserver.
>
> d) realserver answers to the client by using its default route, which
> points to router A.
>
>    It can use router A for the answer, because router A is reachable.
>
> e) realserver answers to the client by sending traffic to router A
>
> f) router A receives traffic, which looks like traffic coming from VIP to a
> client in the internet.
>
>   Router A knows what to do with it.
>
> g) router A sends to its next hop, etc etc.
>
>
> Conclusion:
>
> 2) is like the example in the mini-howto and it runs perfectly here.
>
> 1) is broken in my head. Probably I miss something big. I have no idea
> what I don't get,
> especially when all of you say: "it works here"
>
> G'night
>
> --
> View this message in context:
> http://www.nabble.com/ipvs-or-apache-mod_proxy-mod_balancer-tp24184926p24316166.html
> Sent from the LVS mailing list archive at Nabble.com.
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
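The layout proposed in this reply (private VIP, router NATs inbound traffic, LVS-DR behind it), as an added example that is not part of the original thread: a small Python model of the packet headers showing that a reply is only translated back when it leaves through the router holding the NAT state, and that only forwarded ports reach the director. All addresses, ports and names (`NatRouter`, `round_trip`) are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not taken from the thread.
CLIENT = "198.51.100.7"
PUBLIC_IP = "203.0.113.10"   # public address on the NAT router
VIP = "10.0.0.100"           # private VIP: on the director and on each real server's loopback

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Router that DNATs selected public ports to the private VIP and keeps state."""
    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = forwards      # {public port: private VIP}
        self.conntrack = {}           # expected reply tuple -> original public destination

    def inbound(self, pkt):
        vip = self.forwards.get(pkt.dport)
        if pkt.dst != self.public_ip or vip is None:
            return None               # port not forwarded: never reaches the director
        self.conntrack[(vip, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return Packet(pkt.src, pkt.sport, vip, pkt.dport)

    def outbound(self, pkt):
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None               # no state here: private source cannot be translated back
        return Packet(orig, pkt.sport, pkt.dst, pkt.dport)

def director_dr(pkt):
    """LVS-DR rewrites only the destination MAC, so the IP header is unchanged."""
    return pkt

def real_server_reply(pkt):
    """The real server accepts the packet for the VIP and answers from the VIP."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def round_trip(in_router, out_router, dport=80):
    """Return the reply as the client would see it, or None if it is lost."""
    request = in_router.inbound(Packet(CLIENT, 40000, PUBLIC_IP, dport))
    if request is None:
        return None
    reply = real_server_reply(director_dr(request))
    return out_router.outbound(reply)
```

In this model the real servers' default route has to point at the same router that performed the inbound NAT; sending replies out through a second router reproduces the "Lost" outcome of case 1) in the quoted message.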