On 2000-05-23T11:14:20,
Horms <horms@xxxxxxxxxxxx> said:
> As an aside, this is analogous to the behaviour when the clients,
> and real servers are on the ssmae network and LVS/DR is used thanks
> to ICMP redirects.
No, it is not. This would be a per connection thing, instead of a per client
issue.
In fact, in a topology like
Default gateway / router: 192.168.1.1/24
LVS = 192.168.1.2/24
VIP = 192.168.1.3/24
Realserver R1 = 192.168.1.100/24
If the LVS issued a ICMP redirect for the VIP to the router, directing it to
R1 directly, this would even work, and have the desired effect of by passing
the LVS for all further traffic.
_Unfortunately_, the ICMP redirect would affect _all_ traffic to the VIP, not
just for this single connection, as the ICMP redirect affects the VIP itself,
and not just the client src_ip/dest_ip=VIP combination.
At least that is my understanding.
If we assume that the router in front of the network is a Linux box, we may
have a chance to mess with its routing cache to achieve this functionality.
(On the other hand, we could just run the DR functionality on that box anyway,
without making availability or performance worse)
Now, the most common router on the network probably says "CISCO", and while
they do have a routing cache model which would basically allow for such
behaviour (at least my understanding is that their NetFlow routing model is
based on the TCP/IP stream, and not just the target IP), I do not know of any
way to actually deliberately _modify_ this cache from the outside.
> If it is possible, it would need to be an option (possibly the default)
> as some applications require the return address to match the address
> that the connection was requested for.
I think after reading the RFCs I found that the original asked for behaviour
is not allowed. A redirection trick like above, if we were able to implement
it, would allow for that though.
Sincerely,
Lars Marowsky-Brée <lmb@xxxxxxx>
Development HA
--
Perfection is our goal, excellence will be tolerated. -- J. Yahl
|