Re: will this work (direct routing)?

To: tc lewis <tcl@xxxxxxxxx>
Subject: Re: will this work (direct routing)?
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: "Ian S. McLeod" <ian@xxxxxxxxxxx>
Date: Tue, 11 Jul 2000 11:10:38 -0700 (PDT)
This should work.  However, attempts to connect directly to the outside
internet from the Real Servers will most likely fail.  Why?  Because they
will forward packets to the gateway with a source address inside of a
private IP range (192.168) which the router will drop.

As best I can tell, the only way to solve this problem is to have the LVS
servers double as masquerading gateways and use source based routing on
the Real Servers such that:

Packets with a source address of the VIP go directly to the "real"
gateway, achieving the performance benefits of DR.

Packets with a source address inside of 192.168 are routed to the
masquerading gateway on the LVS boxes.


When I last investigated this the only way to do source based routing on
Linux was with the "ip" command (which I can't find in any recent
distributions).  Anyone know where it went?

-Ian

On Tue, 11 Jul 2000, tc lewis wrote:

> 
> here's what i'm thinking i can do:
> 
> 200.200.200.1 = router
> (whatever, some publicly-accessible ip range...)
> 200.200.200.11 = lvs balancer 1.
> 200.200.200.12 = lvs balancer 2.
> route 192.168.100.0/255.255.255.0 added to both balancers (not sure if this 
> is even necessary)
> 192.168.100.101 = real server 1.
> 192.168.100.102 = real server 2.
> route 200.200.200.0/255.255.255.0 added to both real servers.
> gateway on real servers = 200.200.200.1
> 
> 2 balancers that fail over via heartbeat/ultramonkey.
> 
> i'd like to do balancing on port 80 with the direct routing method.  i'll
> probably use ipchains on the real servers to solve the arp problem as i'll
> probably be redirecting port 80 to some non-privileged port on the real
> server anyway (8080, whatever).  the machines listed above will not be
> physically segmented--they'll all be on the same vlan of a foundry
> workgroup network switch.
> 
> will this work?  if they're on the same physical segment like this then
> the balancers should be able to redirect traffic properly via direct
> routing, and the real servers can then send back out to the real world
> with that 200.200.200.0 route through the .1 gateway.
> 
> am i correct or am i missing something here?
> 
> sorry, it's been a while since i've done much with lvs, so i just wanted a
> quick confirmation.  thanks!
> 
> -tcl.
> 
> 
> 
> 
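Added example, not part of the original thread: the two source-based routing rules described in the reply above, written for a real server with the `ip` command from the iproute2 package. The VIP (200.200.200.10), the private address of the masquerading LVS box (192.168.100.1), the interface name and the table numbers are constructed assumptions; only the router address and the 192.168.100.0/24 range come from the thread.

```shell
#!/bin/sh
# Source-based (policy) routing on a real server in an LVS-DR setup.
# Values marked "assumed" are constructed for this example.
VIP="${VIP:-200.200.200.10}"              # assumed virtual IP served via DR
REAL_GW="${REAL_GW:-200.200.200.1}"       # router, as given in the thread
PRIV_NET="${PRIV_NET:-192.168.100.0/24}"  # real-server range from the thread
MASQ_GW="${MASQ_GW:-192.168.100.1}"       # assumed private address of the LVS box
DEV="${DEV:-eth0}"                        # assumed interface name

policy_routing_cmds() {
    # Table 10: packets sourced from the VIP go straight to the real
    # gateway, keeping the direct-routing return path.
    echo "ip route add default via $REAL_GW dev $DEV table 10"
    echo "ip rule add from $VIP/32 table 10 priority 100"
    # Table 20: packets sourced from the private range go to the LVS box,
    # which masquerades them before they reach the router.
    echo "ip route add default via $MASQ_GW dev $DEV table 20"
    echo "ip rule add from $PRIV_NET table 20 priority 200"
}

verify_cmds() {
    # Commands to confirm that rule order and table contents are as intended.
    echo "ip rule show"
    echo "ip route show table 10"
    echo "ip route show table 20"
}

apply_policy_routing() {
    # Dry run by default: print the commands. With APPLY=1 (as root) run
    # them, stopping at the first failure.
    if [ "${APPLY:-0}" = "1" ]; then
        policy_routing_cmds | sh -e
    else
        policy_routing_cmds
        verify_cmds
    fi
}

apply_policy_routing
```

The masquerading rule itself lives on the LVS boxes and is not shown here; without it, packets routed through table 20 still carry a 192.168 source when they reach the router.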


