LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] LVS DR which IP seen to client?

To: Ferhat Ozkasgarli <ozkasgarli@xxxxxxxxx>
Subject: Re: [lvs-users] LVS DR which IP seen to client?
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Sat, 24 Jul 2010 16:48:02 +0900
On Sat, Jul 24, 2010 at 10:13:41AM +0300, Ferhat Ozkasgarli wrote:
> Hello All,
> 
> The question may look like a noob question but I would be one very happy
> person if answered :D.
> 
> I have built LVS NAT mail server cluster with freeNas as storage and
> MailEnable as mail server. Every thing works fine but because of network
> bottle neck issue and some other isseues about mail server, we want to user
> LVS DR.
> 
> 1-) With LVS DR setup; after client had requested the service from VIP,
> which IP sends the answer? VIP or RIP?

I'm not entirely sure what you are asking.

In the case of the return packets for connections made to the
virtual service, their source IP address will be the VIP.

In essence things work like this:

NAT

Client --- CIP:VIP --> Linux-Director --- CIP:RIP --> Real Server
       <-- CIP:VIP --- Linux-Director <-- CIP:RIP ---

FULL-NAT (to be included in 2.6.36)

Client --- CIP:VIP --> Linux-Director --- VIP:RIP --> Real Server
       <-- CIP:VIP --- Linux-Director <-- VIP:RIP ---

DR

Client --- CIP:VIP --> Linux-Director --- CIP:VIP --> Real Server
       <---------------- CIP:VIP ----------------

In the case of connections initiated by a real server --
e.g. Sending an email to another machine, it will depend.

For NAT (and FULL-NAT) the return path for packets for connections to LVS
virtual services needs to travel through the linux-director. This typically
means that the linux-director is the default route for the real-servers.
And it can make sense for the linux-director to NAT packets for connections
that originate on the real-servers e.g. if the real-servers are using
RFC1819 or otherwise non-globally-routed addresses. But if they are using
globally-routed addresses then these packets may be left un-NATed (though I
don't believe that I have tested this).

In the case of DR, the return packets shouldn't pass through the
linux-director and they don't need to be unNATed as their source address is
already the VIP. But for packets for connections that originate on a
real-server its up to you and will most likely depend on what if the
(non-VIP) addresses of the real-servers are globally routed or not.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>