
Re: LVS using NAT and several routers

To: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS using NAT and several routers
Cc: Michael Burschik <burschik@xxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: bobby.moore@xxxxxxxxxxxxx
Date: Fri, 12 May 2000 08:07:17 -0400
How would you do it if your real servers can't policy route (route based
upon source address)?

Bobby Moore Worldspan
Phone: 770.563.7362 Fax: 770.563.6406
bobby.moore@xxxxxxxxxxxxx


Julian Anastasov <uli@xxxxxxxxxxxxxa.acad.bg>
05/12/2000 07:48 AM

To: Michael Burschik <burschik@xxxxxxxxx>
cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS using NAT and several routers

           Hello,

On Fri, 12 May 2000, Michael Burschik wrote:

> I would like to build a Linux Virtual Server using NAT and several
> routers. The problem with this approach seems to be that the LVS
> router changes only the destination address of IP packets and
> forwards them to the real servers. The source address of the IP
> packets is not changed, however. For this reason, the real servers
> must use the LVS router as their default gateway. This precludes
> simply using several LVS routers to address all of the real servers.
>
> It seems that this problem could be avoided if the source address of
> the IP packets were also changed, i.e. if the LVS router would also
> masquerade incoming packets. If this were the case, the default route
> would never be used, as all traffic would appear to be local. This can
> not be achieved by simply adding an appropriate masquerading rule to
> the forward chain, it seems. I assume that the IP packets rewritten by
> the LVS code bypass the forward chain completely, although they are,
> in a sense, being forwarded.
>
> Wouldn't it be better to make use of masquerading in both directions,
> or am I missing some vital point?

           If you use multiple LVS Directors in NAT mode (the question
is how?) you can use different logical internal RIPs. The outgoing
packets from the real servers can be routed based on the saddr value.
You can try with policy routing. For example:

if saddr is from 192.168.0.* => use DIP1 as gateway
if saddr is from 192.168.1.* => use DIP2 as gateway

DIP1 will forward to real servers in the 192.168.0 net and
DIP2 will forward to real servers in the 192.168.1 net

The question is how you split the requests to two LVS directors?
By client's address? Or by different VIP ?


Regards

--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
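
The source-based routing Julian describes for the real servers, as an added example that is not part of the original thread. It only prints iproute2 commands (a dry run); the director addresses, table ids, host octet and interface name are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints iproute2 commands for
# one real server; review them, then pipe into `sh` as root to apply.
# Constructed values: director addresses, table ids, host octet, interface.
DIP1=192.168.0.254   # director 1, inside address (assumed)
DIP2=192.168.1.254   # director 2, inside address (assumed)

# one_director NET_PREFIX GATEWAY TABLE HOST DEV
# Emits: a logical RIP in that director's net, a rule matching replies sourced
# from that net, and a default route via that director in its own table.
one_director() {
    echo "ip addr add $1.$4/24 dev $5"
    echo "ip rule add from $1.0/24 table $3"
    echo "ip route add default via $2 dev $5 table $3"
}

# real_server_policy HOST DEV -> command list for the two-director layout
real_server_policy() {
    host=$1
    dev=$2
    case "$host" in
        ''|*[!0-9]*) echo "host octet must be numeric" >&2; return 1 ;;
    esac
    if [ "$host" -lt 1 ] || [ "$host" -gt 253 ] || [ -z "$dev" ]; then
        echo "usage: real_server_policy HOST(1-253) DEV" >&2
        return 1
    fi
    one_director 192.168.0 "$DIP1" 100 "$host" "$dev"
    one_director 192.168.1 "$DIP2" 101 "$host" "$dev"
}

real_server_policy 10 eth0
```

Replies leave through the director whose net matches their source address; traffic sourced from any other address still follows the main routing table.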








