
Re: [lvs-users] multi-port persistence for http/https - unclear document

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] multi-port persistence for http/https - unclear documentation
From: David Coulson <david@xxxxxxxxxxxxxxxx>
Date: Sat, 24 Nov 2012 20:12:44 -0500
If you use gateway/DR mode, it will not rewrite the IP packet (just the
Ethernet headers to send it to the real server). So it will go to the same port
(as well as destination IP) as the original packet.

Did you actually try the config and have a problem, or are you just assuming it 
won't work?

David


On Nov 24, 2012, at 7:48 PM, Tomasz Chmielewski wrote:

> Hi,
> 
> I'm trying to follow the documentation here to set up multi-port (http/https) 
> persistence, with LVS-DR:
> 
> 1) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html
> 2) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.fwmark.html#e-commerce_fwmark
> 
> 
> However, it doesn't make much sense to me.
> 
> First, 2), under "25.6.2. iptables for 2.4 director" mentions:
> 
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
>       --dport http -j MARK --set-mark 2
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
>       --dport https -j MARK --set-mark 2
> 
> This would set the *same* mark 2 for ports 80 and 443.
> 
> Then, how will LVS distinguish between what needs to be sent where?
> 
> I.e. this snippet of ldirectord config:
> 
> virtual = 2
>     protocol = fwm
>     scheduler = wlc
>     persistent = 300
>     real = server1:80 gate 20
>     real = server2:80 gate 20
>     real = server3:80 gate 20
>     real = server4:80 gate 20
>     virtualhost = example.com
>     request = "/ping/"
>     receive = "ALIVE"
>     service = http
> 
> 
> will cause the traffic to be sent to port 80.
> 
> But it will also send there (to port 80) all traffic incoming to port 443, 
> since it has the same mark.
> 
> So:
> - connections to port 80 will go to some realserver, port 80 (good)
> - connections to port 443 will go to some realserver, port 80 (bad!)
> 
> 
> Can you point where my reasoning is incorrect, and how should I use LVS to 
> make sure traffic for 80/443 is always sent to the same real server?
> 
> 
> 
> -- 
> Tomasz Chmielewski
> http://blog.wpkg.org
> 
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> 
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
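
The behaviour discussed in this thread, as a simplified Python model added here (it is not code from the thread, from ldirectord or from IPVS): both ports get mark 2, persistence is looked up by client IP and mark, and DR forwarding changes only the Ethernet destination. The MAC addresses, the `Frame` and `Director` names, and round-robin standing in for `wlc` are assumptions made for the illustration.

```python
# Simplified model of an LVS-DR director with a fwmark virtual service.
# Not IPVS code: names and addresses are constructed for illustration.
from dataclasses import dataclass, replace

VIP = "192.168.2.110"
REAL_SERVERS = {  # hypothetical realserver name -> MAC address
    "server1": "02:00:00:00:00:01",
    "server2": "02:00:00:00:00:02",
}
PERSISTENT_SECONDS = 300  # 'persistent = 300' from the ldirectord snippet

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_ip: str
    dst_ip: str
    dport: int

def fwmark(frame):
    """Mangle rules from the thread: ports 80 and 443 to the VIP get mark 2."""
    if frame.dst_ip == VIP and frame.dport in (80, 443):
        return 2
    return 0

class Director:
    def __init__(self):
        self.templates = {}   # (client IP, fwmark) -> (realserver, expiry)
        self.next_index = 0   # round-robin stands in for wlc in this model

    def forward(self, frame, now):
        mark = fwmark(frame)
        if mark == 0:
            return None, frame                  # not a virtual service
        key = (frame.src_ip, mark)              # persistence ignores the port
        entry = self.templates.get(key)
        if entry is None or entry[1] <= now:    # no template, or it expired
            names = sorted(REAL_SERVERS)
            entry = (names[self.next_index % len(names)], 0)
            self.next_index += 1
        server = entry[0]
        self.templates[key] = (server, now + PERSISTENT_SECONDS)
        # DR ('gate'): only the Ethernet destination changes; IP and port stay.
        return server, replace(frame, dst_mac=REAL_SERVERS[server])
```

In this model a client that connects to port 80 and then to port 443 within the persistence window reaches the same realserver, and each frame arrives on the port it was originally sent to.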

