Hello,
On Thu, 11 May 2000, catls wrote:
>
> First of all THANK YOU for the help :).
>
> I have some doubts.
> If I am using the cluster as shown in the figure (previous message) and
> sending packets in DR through the director
>
> 1) Do I need to masquerade at all using ipchains if my cluster is being
> used only to serve clients on the net and all the facilities offered are
> in the control of ipvsadm and the director?
Yes. You have to masquerade the outgoing traffic in the
Director in NAT mode.
>
> 2) If I want clients in the cluster to browse the net, I will need to
> masquerade. Does ipvsadm take care of this or do I need to run ipchains?
> Will running masquerading alter the ipvsadm setup in any way and how?
ipchains controls whether to masquerade. This is not an
LVS job. You have to masquerade your internal hosts. But LVS can
demasquerade without ipchains rules. But without ipchains rules
the outgoing ICMP can't exit.
>
> 3) This is my understanding of how things work and it's bound to be wrong.
> Please correct me.
>
> Client sends packet to director with "destination address" as director's
> external interface.
>
> Director gets packet (on external iface), checks algorithm, decides to send
> packet to realserver1. So it retransmits packet that just arrived on the
> internal interface with the "MAC ADDRESS" changed to the MAC address of
> real server1.
And the IP header is changed (NAT mode), the packet is
demasqueraded. Only in DR mode the packet is not changed.
>
> Realserver1 gets packet and it examines packet for destination field. It
> says hello! this destination is actually eth0:1 (the aliased eth0 interface)
> which is my iface. Hmm, this packet must be for me.
>
> Realserver then formulates a reply to the just arrived packet and puts the
> eth0:1 address in the "source field". Then it sends it to its default
> gateway.
>
> Which in Lars's method is the DIRECTOR!.
>
> Director gets packet on INTERNAL interface and since spoofing is disabled
> does not bother? (part am not sure about?). Since the packet does not have a
> destination field to its interfaces it just sends it out of the default
> gateway no?
> If spoofing check is disabled in Linux by not putting a "1" in
> the /proc/sys/net/ipv4/conf/all/rp_filter this should work no?
We don't reach the rp_filter check. The packet is dropped
from the routing because its saddr is local (matches entry in the
routing table with name "local").
>
> Now if this is wrong what do I do to get it to route those packets?
> Could you tell me the exact commands please?
I just posted a variant for testing using policy routing.
Can you test it?
>
> Umm btw I used eth0:1 because of the lo:0 problem with netmasks. Gave it a
> wide berth :).
Use netmask 255.255.255.255 when adding VIP on "lo" and it
will work!
>
> NAT works but since Direct routing is there I would like to get it working
> since it's so much more flexible if done right. It's a pain in the butt
> though :).
>
>
> 4) Where can I get the IPvs-Masq software please? The URL would be a help.
> I tried your web site but nothing explicitly said IPVS-masq :)
There is no such software. This is an LVS forwarding method:
the NAT mode.
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
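
Added example, not part of the original message and not LVS or kernel code: a simplified Python model of the two points in the reply above, that a packet whose source address is local on the director is dropped before rp_filter is consulted, and that the netmask used for the VIP on "lo" decides how many addresses the realserver treats as its own. The addresses, interface names and function names are constructed; the model assumes every configured address is local as a /32 and that on the loopback device the whole configured prefix is local as well.

```python
import ipaddress

def local_table(addresses):
    """Simplified 'local' table built from (ifname, 'addr/prefix') pairs."""
    table = set()
    for ifname, cidr in addresses:
        iface = ipaddress.ip_interface(cidr)
        table.add(ipaddress.ip_network(f"{iface.ip}/32"))
        if ifname.split(":")[0] == "lo":   # model assumption: prefix on lo is local
            table.add(iface.network)
    return table

def is_local(table, addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in table)

def validate_source(table, routes, saddr, in_if, rp_filter):
    """Source check for a packet received on in_if, in the order described."""
    if is_local(table, saddr):             # decided before rp_filter matters
        return "drop: saddr is local"
    ip = ipaddress.ip_address(saddr)
    matches = [(ipaddress.ip_network(n), dev) for n, dev in routes
               if ip in ipaddress.ip_network(n)]
    back_if = max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None
    if rp_filter and back_if != in_if:     # reverse path must use in_if
        return "drop: rp_filter"
    return "accept"

# Constructed sample addressing (documentation ranges), not from the thread.
VIP = "192.0.2.110"
DIRECTOR = local_table([("eth0", "192.0.2.1/24"), ("eth0:1", VIP + "/32"),
                        ("eth1", "10.0.0.1/24")])
ROUTES = [("192.0.2.0/24", "eth0"), ("10.0.0.0/24", "eth1"),
          ("0.0.0.0/0", "eth0")]

if __name__ == "__main__":
    # Realserver reply with saddr=VIP arriving on the director's internal iface
    for rpf in (0, 1):
        print("rp_filter =", rpf, "->",
              validate_source(DIRECTOR, ROUTES, VIP, "eth1", rpf))
    # VIP on the realserver's lo:0 with a wide and a host netmask
    for mask in ("/24", "/32"):
        table = local_table([("lo:0", VIP + mask)])
        print("netmask", mask, "gateway 192.0.2.1 seen as local:",
              is_local(table, "192.0.2.1"))
```
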