ok, cool. gotcha on the other traffic being dropped thing. i could
always just throw a separate box in there entirely to masquerade the real
servers. hmm but then everything would be forwarded through that box,
which is a needless extra hop for web traffic, so yeah that leads back to
what you were saying about source-based forwarding. that's no big deal
for me at this point. the real servers shouldn't need to get outside of
the internal network except for lvs-forwarded traffic (http requests).
nevertheless, thanks for the heads up on that in case i go down that road
later.
in rh6.2, "ip" (/sbin/ip) and related tools are in the "iproute" package.
-tcl.
On Tue, 11 Jul 2000, Ian S. McLeod wrote:
> This should work. However, attempts to connect directly to the outside
> internet from the Real Servers will most likely fail. Why? Because they
> will forward packets to the gateway with a source address inside of a
> private IP range (192.168) which the router will drop.
>
> As best I can tell, the only way to solve this problem is to have the LVS
> servers double as masquerading gateways and use source based routing on
> the Real Servers such that:
>
> Packets with a source address of the VIP go directly to the "real"
> gateway, achieving the performance benefits of DR.
>
> Packets with a source address inside of 192.168 are routed to the
> masquerading gateway on the LVS boxes.
>
>
> When I last investigated this the only way to do source based routing on
> Linux was with the "ip" command (which I can't find in any recent
> distributions). Anyone know where it went?
>
> -Ian
>
> On Tue, 11 Jul 2000, tc lewis wrote:
>
> >
> > here's what i'm thinking i can do:
> >
> > 200.200.200.1 = router
> > (whatever, some publicly-accessible ip range...)
> > 200.200.200.11 = lvs balancer 1.
> > 200.200.200.12 = lvs balancer 2.
> > route 192.168.100.0/255.255.255.0 added to both balancers (not sure if this
> > is even necessary)
> > 192.168.100.101 = real server 1.
> > 192.168.100.102 = real server 2.
> > route 200.200.200.0/255.255.255.0 added to both real servers.
> > gateway on real servers = 200.200.200.1
> >
> > 2 balancers that fail over via heartbeat/ultramonkey.
> >
> > i'd like to do balancing on port 80 with the direct routing method. i'll
> > probably use ipchains on the real servers to solve the arp problem as i'll
> > probably be redirecting port 80 to some non-privileged port on the real
> > server anyway (8080, whatever). the machines listed above will not be
> > physically segmented--they'll all be on the same vlan of a foundry
> > workgroup network switch.
> >
> > will this work? if they're on the same physical segment like this then
> > the balancers should be able to redirect traffic properly via direct
> > routing, and the real servers can then send back out to the real world
> > with that 200.200.200.0 route through the .1 gateway.
> >
> > am i correct or am i missing something here?
> >
> > sorry, it's been a while since i've done much with lvs, so i just wanted a
> > quick confirmation. thanks!
> >
> > -tcl.
> >
> >
> >
> >
>
>
>
>
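The source-based routing Ian describes, sketched for one real server with the "ip" tool from the iproute package. This is an added example, not part of the original thread; the VIP (200.200.200.10), the masquerading gateway's inside address (192.168.100.1) and the interface name eth0 are assumed, since the thread gives none of them.

```shell
#!/bin/sh
# Added example: policy (source-based) routing on one LVS-DR real server.
# By default it only prints the commands; APPLY=1 (as root) runs them.
VIP=${VIP:-200.200.200.10}          # assumed virtual IP (not in the thread)
REAL_GW=${REAL_GW:-200.200.200.1}   # router, from the thread
RS_NET=${RS_NET:-192.168.100.0/24}  # real-server network, from the thread
MASQ_GW=${MASQ_GW:-192.168.100.1}   # assumed inside address of the active LVS box
DEV=${DEV:-eth0}                    # assumed interface name

# Print the iproute2 commands for the two source-based rules.
# Args: vip real_gw rs_net masq_gw dev
policy_routing_cmds() {
    # Table 100: replies sourced from the VIP go straight to the real
    # gateway (the direct-routing return path). The gateway is reachable
    # through the 200.200.200.0/24 route the thread adds on each real server.
    echo "ip route add default via $2 dev $5 table 100"
    echo "ip rule add from $1/32 table 100 priority 100"
    # Table 200: traffic the real server originates from its private
    # address goes to the masquerading gateway on the LVS boxes, so the
    # router never sees a 192.168 source address.
    echo "ip route add default via $4 dev $5 table 200"
    echo "ip rule add from $3 table 200 priority 200"
}

# Print read-only commands that show the resulting rules and tables.
verify_cmds() {
    echo "ip rule show"
    echo "ip route show table 100"
    echo "ip route show table 200"
}

if [ "${APPLY:-0}" = "1" ]; then
    # Run each generated command; stop at the first failure.
    policy_routing_cmds "$VIP" "$REAL_GW" "$RS_NET" "$MASQ_GW" "$DEV" | sh -e
    verify_cmds | sh
else
    policy_routing_cmds "$VIP" "$REAL_GW" "$RS_NET" "$MASQ_GW" "$DEV"
    verify_cmds
fi
```

The lower priority number is matched first, so VIP-sourced replies never fall through to the masquerading table.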