
Re: IPVS Benchmarking

To: Horms <horms@xxxxxxxxxxxx>
Subject: Re: IPVS Benchmarking
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Lars Marowsky-Bree <lars@xxxxxxxxxxxxxxxx>
Date: Mon, 10 Jan 2000 09:30:20 +0100
On 2000-01-09T18:21:46,
   Horms <horms@xxxxxxxxxxxx> said:

> The question that I have is that the network I would really like
> to be testing is;
> 
[snip]
>
> This may be a silly question, but other than using NAT, which has
> performance problems, is this possible? I tried this topology
> with direct routing and packets from the clients were multiplexed
> to the servers fine, but return packets from the servers to the
> client were not routed by the IPVS box.

Yes. The LVS box silently drops the return packets, since they have a src ip
which is also bound as a local interface on the LVS. This is meant to be a
simple anti-spoofing protection.

You can enable logging these packets via 
echo 1 >/proc/sys/net/ipv4/conf/all/log_martians

The only way around this with current Linux kernels is to disable the check in
the kernel source or to use a separate box as the outward gateway. (Which is
how DR is meant to be used for full performance)

> This is not a problem as such, as it probably makes a lot of sense
> not to use an IPVS box as your gateway router,

Actually it makes a lot of sense to do just that IMHO. Less points of failure,
less hard- & software to duplicate in a failover configuration.

Sincerely,
    Lars Marowsky-Brée
        
--
Lars Marowsky-Brée
Network Management

teuto.net Netzdienste GmbH

----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
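
Added example, not part of the original message: with log_martians enabled as described above, this picks out the drops caused by real-server replies whose source is a VIP also bound on the director. It assumes the log line format of current Linux kernels ("martian source <daddr> from <saddr>, on dev <if>"); the function name, addresses and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format (current kernels):
#   martian source <daddr> from <saddr>, on dev <ifname>
# Note the order: the first address is the packet's destination,
# the second one is its (rejected) source.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MARTIAN_RE = re.compile(
    rf"martian source (?P<dst>{IPV4}) from (?P<src>{IPV4}), on dev (?P<dev>\S+)"
)

def dropped_return_traffic(log_lines, local_vips):
    """Count martian drops whose source address is a VIP bound on the director.

    Returns a Counter keyed by (vip, client, interface). Hypothetical helper.
    """
    vips = set(local_vips)
    hits = Counter()
    for line in log_lines:
        m = MARTIAN_RE.search(line)
        if m is None:
            continue  # "ll header:" continuation lines and unrelated messages
        if m["src"] in vips:
            hits[(m["src"], m["dst"], m["dev"])] += 1
    return hits

# Constructed sample: VIP 192.0.2.10 on the director, real servers behind eth1.
SAMPLE_LOG = [
    "Jan 10 09:31:02 director kernel: IPv4: martian source 198.51.100.7 from 192.0.2.10, on dev eth1",
    "Jan 10 09:31:02 director kernel: ll header: 00000000: ff ff ff ff ff ff 00 00 00 00 00 01 08 00",
    "Jan 10 09:31:03 director kernel: IPv4: martian source 198.51.100.7 from 192.0.2.10, on dev eth1",
    "Jan 10 09:31:04 director kernel: IPv4: martian source 198.51.100.9 from 192.0.2.10, on dev eth1",
    # VIP is the destination here, not the source: a different martian, not DR return traffic.
    "Jan 10 09:31:05 director kernel: IPv4: martian source 192.0.2.10 from 10.9.9.9, on dev eth0",
]

if __name__ == "__main__":
    for (vip, client, dev), n in dropped_return_traffic(SAMPLE_LOG, ["192.0.2.10"]).items():
        print(f"{n} reply packet(s) from VIP {vip} to {client} dropped on {dev}")
```

Entries reported here are replies that never reached the client, which is the symptom described in the quoted question.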
