Re: [lvs-users] One realserver must connect to services to other realser

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] One realserver must connect to services to other realservers (routing problem).
From: Markus Hofer <hofmarkus@xxxxxxxxx>
Date: Fri, 26 Aug 2011 16:41:36 +0200
Solutions are:

1. Change the hosts entry for services to the other realserver.
     The problem is that if you have a lot of services with different DNS names,
     you have to insert every new service in every realserver (or make
     a little DNS server in the realserver net), but it isn't

2. Julian's solution removes the local routing (as done for one network)
and forces every packet to pass through the director. The director
therefore masquerades (rewrites) src_addr=RIP_2 to VIP and realserver_1
accepts the request. This puts extra net load onto the director.

            |<vip>        |
            |  director   |
            |^         |^
         ans||      req||ans
            v|req      v|
   +-------------+     +-------------+
   |<rip1>       |     |<rip2>       |
   |  Realserver |     |  Realserver |
   |  = client   |     |  = server   |
   +-------------+     +-------------+

Look at:

- All traffic goes over the load balancer (director):
        - every backup
        - every rsync
        - every ssh, scp
- I couldn't log on via SSH from one realserver to another. I must insert this
with an internal service on the director.

3. Make NAT on realserver:
Look at:

Jacob's solution:
The solution proposed here does not put that extra load onto the director.
However, each realserver always contacts itself (which isn't a problem).
Put the following entry into each realserver.
Now the realservers can access the httpd on RIP as if it were on VIP.
realserver#  iptables -t nat -A OUTPUT -p tcp -d $VIP --dport 80 -j DNAT --to 

- The logic of the load balancer (director) you insert in the realserver
- you must do it for every service and
- for every different IP

4. It is not possible to insert an iptables rule on the director, "all traffic from
the realserver net -->  (to) the realserver net (from one
    realserver to another realserver)", so that this traffic receives a NAT URL,
then the traffic goes back from realserver-2 to the director and
    then to realserver-1:

    Like that:
    IPTABLES:         -A POSTROUTING (or PREROUTING??) -s -p tcp -j SNAT --to-source

            |<vip>        | (service
            |  director   | (virtual IP)
            |^         |^
         ans||      req||ans
            v|req      v|
   +-------------+     +-------------+
   |<rip1>       |     |<rip2>       |
   |  Realserver |     |  Realserver |
   |  = client   |     |  = server   |
   +-------------+     +-------------+

- nothing (or I can't find it)

- only one entry to change the settings
- only the VIP traffic goes from realserver-1 <--> VIP <--> realserver-2


Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
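Option 3 above (Jacob's DNAT rule in the realserver's nat OUTPUT chain) has the drawback the post names: one rule per service and per VIP on every realserver. The script below is an added example, not code from the original post or from the LVS HOWTO; it expands a single service table into those rules so that the per-service, per-IP bookkeeping lives in one place. The VIP and RIP addresses, the ports and the "vip port rip rport" table format are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or the LVS HOWTO: generate the
# per-realserver DNAT OUTPUT rules of option 3 (Jacob's solution) from one
# service table, so that "every service and every IP" is covered by a single
# list instead of hand-typed rules. The VIP/RIP addresses, ports and the
# "vip port rip rport" table format are constructed assumptions.

# Constructed sample table: one row per service that a realserver must reach
# through a VIP. Two VIPs, three services.
SERVICES='
192.0.2.10 80  10.0.0.2 80
192.0.2.10 443 10.0.0.2 443
192.0.2.11 22  10.0.0.3 22
'

# rule_for VIP PORT RIP RPORT: print the iptables command that rewrites
# locally generated TCP traffic for VIP:PORT to RIP:RPORT. The OUTPUT chain of
# the nat table only sees packets originated on this host, which is exactly
# the realserver-as-client case from the post.
rule_for() {
    printf 'iptables -t nat -A OUTPUT -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3" "$4"
}

# render_rules: one command per table row (blank rows skipped).
render_rules() {
    printf '%s\n' "$SERVICES" | while read -r vip port rip rport; do
        [ -n "$vip" ] || continue
        rule_for "$vip" "$port" "$rip" "$rport"
    done
}

# count_rules: how many rules the table expands to.
count_rules() {
    render_rules | wc -l | tr -d ' '
}

# apply_rules: install each rule only if it is not already present.
# "iptables -C" (check, available since iptables 1.4.11) exits 0 when an
# identical rule exists, so re-running the script does not duplicate rules.
# Needs root and a real iptables; the default run below never calls it.
apply_rules() {
    render_rules | while read -r cmd; do
        check=$(printf '%s' "$cmd" | sed 's/ -A OUTPUT / -C OUTPUT /')
        if $check >/dev/null 2>&1; then
            echo "present: $cmd"
        else
            $cmd && echo "added:   $cmd"
        fi
    done
}

# Default is a dry run that only prints the rules; set DRY_RUN=0 to apply.
if [ "${DRY_RUN:-1}" = "1" ]; then
    render_rules
else
    apply_rules
fi
```

Run it once per realserver with the same table; as the post notes, the realserver that hosts a service then DNATs its own VIP traffic to its own RIP, which is harmless. Because the rules sit in the nat OUTPUT chain they affect only connections originated on that host, so the director's VIP handling for outside clients is untouched.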