Hello LVS Community.
I have been searching interweb and reading the lists for a few days
now and have yet to find concrete examples on how to do what I have in
my head.
I already have a stable production environment using LVS DR with
Keepalived. As of now I am only using VIPs for HTTP, SMTP, HTTPS and
other well known services.
There is a project on the table requiring the addition of VPN real
servers to the network. The idea is have VPN clients connect to a VIP
and terminate their VPN connections with the VPN real servers behind
the LVS (tunnel mode). I would like to load balance these incoming
IPSEC connections to the VPN servers on the internal network. For
example, client one terminates a VPN connection to VPN1, client two
terminates a VPN connection to VPN2, client three terminates a VPN
connection to VPN1, and so on. The LVS is not going to run IPSEC VPN
software only route and distribute the traffic.
>From what I understand in order to have the LVS load balance IPSEC
client requests I will need to recompile the Linux Kernel and add "ESP
load balancing support (IP_VS_PROTO_ESP)"? Please correct me if I am
wrong here. If this is so then it is not an option I can chose and
will have to move on to the next plan.
Another option I read about was to use iptables FWARK on the LVS. The
examples show only TCP services. I can't find any configuration with
someone passing protocol 50, UDP 4500 and 500 through the LVS to one
or more real servers.
Can someone share a detailed configuration or point me to some
detailed documentation?
Thanks in advanced.
HM
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|