Re: [lvs-users] about NAT return path

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	Re: [lvs-users] about NAT return path
From:	Yonghua Peng <yhpeng@xxxxxxxxx>
Date:	Mon, 02 Feb 2015 18:29:23 +0800

SNAT on the real server?
sorry but I was  thinking the SNAT is implemented by LVS, for the 
returned back packages.

Martin Wheldon wrote:
> Hi,
>
> Yes, with the SNAT on the real server you should be fine.
>
> Best Regards
>
> Martin
>
> On 2015-02-02 10:12, Yonghua Peng wrote:
>> Martin,
>>
>> What I meant is, the incoming packages implement DNAT by LVS, then
>> forward to realserver.
>> The outgoing packages implement SNAT, then forward to client.
>> Since host A and B have the same VIP (managed by OSPF), after the
>> SNAT,
>> the packages seem to be from the same host. Client shouldn't drop
>> them.
>>
>> Am I right?
>> Thanks.
>>
>>
>>    Martin Wheldon wrote:
>>> Hi,
>>>
>>> The DNAT would still need to be reversed. The client will otherwise
>>> drop
>>> the packet as it won't be from the host it started the connection
>>> with.
>>>
>>> Best Regards
>>>
>>> Martin
>>>
>>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>>> think
>>>> LVS host has to keep the status of the connection.
>>>> I am probably wrong, just by curious. And I will test for it.
>>>>
>>>> Thanks.
>>>>
>>>> Martin Wheldon wrote:
>>>>> Hi,
>>>>>
>>>>> Because there will be no entry in the NAT table on the second host
>>>>> so
>>>>> it won't know how to deal with the return packet.
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Martin
>>>>>
>>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>>> Can you tell me why the realserver should use host A as the
>>>>>> gateway?
>>>>>> since host A and B have the same configure, and share the same
>>>>>> VIP,
>>>>>> I
>>>>>> was thinking both A and B can be setup as the gateway.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>      Ivan Havlicek wrote:
>>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>>> to
>>>>>>> use
>>>>>>> this host as gateway to respond.
>>>>>>> This is the normal for a NAT.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Please read the documentation before posting - it's available at:
>>>>>> http://www.linuxvirtualserver.org/
>>>>>>
>>>>>> LinuxVirtualServer.org mailing list -
>>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>> !DSPAM:31,54cf4d55101351582769714!
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Ivan Havlicek Re: [lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Martin Wheldon Re: [lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Martin Wheldon Re: [lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Martin Wheldon Re: [lvs-users] about NAT return path, Yonghua Peng <= Re: [lvs-users] about NAT return path, Martin Wheldon Re: [lvs-users] about NAT return path, Yonghua Peng Re: [lvs-users] about NAT return path, Martin Wheldon Re: [lvs-users] about NAT return path, support

Previous by Date:	Re: [lvs-users] about NAT return path, Martin Wheldon
Next by Date:	Re: [lvs-users] about NAT return path, Martin Wheldon
Previous by Thread:	Re: [lvs-users] about NAT return path, Martin Wheldon
Next by Thread:	Re: [lvs-users] about NAT return path, Martin Wheldon
Indexes:	[Date] [Thread] [Top] [All Lists]