On Thursday, 17 October 2013, 08:48:23, Ulrich Windl wrote:
> Hi!
>
> I'm not subscribed to the list, so I hope someone will receive it anyway:
>
> I could pretty well use LVS for a load-balance, high-availability scenario
> like distributing SMTP requests to different servers, but the setup seems
> so complicated that I won't do.
OK. <Dear reader: please insert your own thoughts here>
> Reading the documentation, I felt that the
> NAT (masq) mechanism would be the most elegant for my requirements. However
> as it turned out it did not work (as for many others).
How did you get the impression that it does not work for many others?
> The reason is simple:
The reason, it does not work for _you_.
> LVS rewrites the destination TSAP (IP address and port), but it leaves the
> source TSAP unchanged. So any replies from a real server go to the original
> sender, instead of the LVS host.
Yes. This behaviour is well documented.
> The proposed solution is to set the LVS host as default gateway on any real
> server. This has several problems: 1) You create a SPoF on the LVS host
> 2) You create a network bottleneck on the LVS host (_all_ traffic from a
> real goes to the LVS host which must be a router) 3) If LVS host and real
> server are not in the same subnet, you cannot route from the real server to
> the LVS directly 4) You cannot have two different LVS hosts that use
> different services on the same real host
You hit the nail on the head.
> I really wonder why you don't rewrite the source TSAP (in addition to the
> destination TSAP) as well so that the sender of the packet seems to be the
> LVS host.
This feature is well documented here:
http://blog.loadbalancer.org/enabling-snat-in-lvs-xt_ipvs-and-iptables/
I think this is included already in later kernel versions. But google a little
bit.
> On a second rewrite the LVS destination TSAP would be rewritten
> to the original requester. I feel this would work like a charm: 1) The real
> server will reply to the LVS host automatically
> 2) Only LVS traffic needs to go through LVS host
> 3) LVS host does not need to be a router (after rewriting the destination, I
> think) 4) LVS host and real server can be in different subnets
> 5) You can use one real server from different LVS hosts
>
> Did I overlook something that makes this impossible or impractical?
No. That is why people implemented it already.
--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0162) 1650044
Fax: (089) 620 304 13
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
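
A small model of the packet rewriting discussed in this thread, added here as an illustration (it is not code from either poster or from LVS). All addresses, ports and names are constructed assumptions, and the director is reduced to one connection table for a single virtual service on port 25.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not taken from the thread.
CLIENT, VIP, DIP, RIP = "198.51.100.7", "203.0.113.10", "10.0.0.1", "10.0.0.25"
Packet = namedtuple("Packet", "src sport dst dport")

class Director:
    """Toy LVS director: rewrites the destination, and optionally the source."""
    def __init__(self, snat):
        self.snat = snat
        self.conns = {}          # (src, sport) seen by real server -> client request
        self.next_port = 40000   # hypothetical source-port pool for SNAT

    def forward(self, pkt):
        """Client -> real server."""
        if self.snat:            # source becomes the director's own address
            src, sport = DIP, self.next_port
            self.next_port += 1
        else:                    # plain LVS-NAT: source TSAP left unchanged
            src, sport = pkt.src, pkt.sport
        self.conns[(src, sport)] = pkt
        return Packet(src, sport, RIP, pkt.dport)

    def reverse(self, reply):
        """Real server -> client: restore VIP as source, client as destination."""
        orig = self.conns[(reply.dst, reply.dport)]
        return Packet(VIP, orig.dport, orig.src, orig.sport)

def real_server_reply(pkt):
    """The real server answers whatever source TSAP it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def round_trip(snat, default_gw_is_director=False):
    """Return the reply exactly as it arrives at the client."""
    director = Director(snat)
    request = Packet(CLIENT, 51000, VIP, 25)
    reply = real_server_reply(director.forward(request))
    # The reply crosses the director only if addressed to it or routed via it.
    if reply.dst == DIP or default_gw_is_director:
        reply = director.reverse(reply)
    return reply

def client_accepts(reply):
    """The client's TCP stack only matches a reply coming from VIP:25."""
    return reply == Packet(VIP, 25, CLIENT, 51000)
```

With source rewriting the real server sees the director's address as its peer, so SMTP logs and any address-based policy on the real servers no longer see the original client.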