LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] about NAT return path

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] about NAT return path
From: Martin Wheldon <martin.wheldon@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 02 Feb 2015 10:31:30 +0000
Hi,

The SNAT could be configured on either the LVS node or the real server.

Best Regards

Martin

On 2015-02-02 10:29, Yonghua Peng wrote:
> SNAT on the real server?
> sorry but I was  thinking the SNAT is implemented by LVS, for the
> returned back packages.
>
> Martin Wheldon wrote:
>> Hi,
>>
>> Yes, with the SNAT on the real server you should be fine.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 10:12, Yonghua Peng wrote:
>>> Martin,
>>>
>>> What I meant is, the incoming packages implement DNAT by LVS, then
>>> forward to realserver.
>>> The outgoing packages implement SNAT, then forward to client.
>>> Since host A and B have the same VIP (managed by OSPF), after the
>>> SNAT,
>>> the packages seem to be from the same host. Client shouldn't drop
>>> them.
>>>
>>> Am I right?
>>> Thanks.
>>>
>>>
>>>    Martin Wheldon wrote:
>>>> Hi,
>>>>
>>>> The DNAT would still need to be reversed. The client will 
>>>> otherwise
>>>> drop
>>>> the packet as it won't be from the host it started the connection
>>>> with.
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>>>> think
>>>>> LVS host has to keep the status of the connection.
>>>>> I am probably wrong, just by curious. And I will test for it.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Martin Wheldon wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Because there will be no entry in the NAT table on the second 
>>>>>> host
>>>>>> so
>>>>>> it won't know how to deal with the return packet.
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>>>> Can you tell me why the realserver should use host A as the
>>>>>>> gateway?
>>>>>>> since host A and B have the same configure, and share the same
>>>>>>> VIP,
>>>>>>> I
>>>>>>> was thinking both A and B can be setup as the gateway.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>      Ivan Havlicek wrote:
>>>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>>>> to
>>>>>>>> use
>>>>>>>> this host as gateway to respond.
>>>>>>>> This is the normal for a NAT.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Please read the documentation before posting - it's available 
>>>>>>> at:
>>>>>>> http://www.linuxvirtualserver.org/
>>>>>>>
>>>>>>> LinuxVirtualServer.org mailing list -
>>>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Please read the documentation before posting - it's available 
>>>>>> at:
>>>>>> http://www.linuxvirtualserver.org/
>>>>>>
>>>>>> LinuxVirtualServer.org mailing list -
>>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - 
>> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - 
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf5115101352002713398!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>