Re: will this work (direct routing)?

To:	"Ian S. McLeod" <ian@xxxxxxxxxxx>, "tc lewis" <tcl@xxxxxxxxx>
Subject:	Re: will this work (direct routing)?
Cc:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From:	"Ted Pavlic" <tpavlic@xxxxxxxxxxx>
Date:	Tue, 11 Jul 2000 19:21:40 -0400

Just for the record, ip comes with RedHat 6.1 and RedHat 6.2.

iproute-2.2.4-2.i386.rpm
iproute-2.2.4-2.i386.rpm

Found in both packages.

And you can find some other versions on contrib.redhat.com:

iproute2-2.2.4-now-ss990417-2.i386.rpm

All the best --
Ted

----- Original Message -----
From: "Ian S. McLeod" <ian@xxxxxxxxxxx>
To: "tc lewis" <tcl@xxxxxxxxx>
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, July 11, 2000 2:10 PM
Subject: Re: will this work (direct routing)?


> This should work.  However, attempts to connect directly to the outside
> internet from the Real Servers will most likely fail.  Why?  Because they
> will forward packets to the gateway with a source address inside of a
> private IP range (192.168) which the router will drop.
>
> As best I can tell, the only way to solve this problem is to have the LVS
> servers double as masquerading gateways and use source based routing on
> the Real Servers such that:
>
> Packets with a source address of the VIP go directly to the "real"
> gateway, achieving the performance benefits of DR.
>
> Packets with a source address inside of 192.168 are routed to the
> masquerading gateway on the LVS boxes.
>
>
> When I last investigated this the only way to do source based routing on
> Linux was with the "ip" command (which I can't find in any recent
> distributions).  Anyone know where it went?
>
> -Ian
>
> On Tue, 11 Jul 2000, tc lewis wrote:
>
> >
> > here's what i'm thinking i can do:
> >
> > 200.200.200.1 = router
> > (whatever, some publically-accessable ip range...)
> > 200.200.200.11 = lvs balancer 1.
> > 200.200.200.12 = lvs balancer 2.
> > route 192.168.100.0/255.255.255.0 added to both balancers (not sure if
this is even necessary)
> > 192.168.100.101 = real server 1.
> > 192.168.100.102 = real server 2.
> > route 200.200.200.0/255.255.255.0 added to both real servers.
> > gateway on real servers = 200.200.200.1
> >
> > 2 balancers that fail over via heartbeat/ultramonkey.
> >
> > i'd like to do balancing on port 80 with the direct routing method.
i'll
> > probably use ipchains on the real servers to solve the arp problem as
i'll
> > probably be redirecting port 80 to some non-priviledged port on the real
> > server anyway (8080, whatever).  the machines listed above will not be
> > physically segmented--they'll all be on the same vlan of a foundry
> > workgroup network switch.
> >
> > will this work?  if they're on the same physical segment like this then
> > the balancers should be able to redirect traffic properly via direct
> > routing, and the real servers can then send back out to the real world
> > with that 200.200.200.0 route through the .1 gateway.
> >
> > am i correct or am i missing something here?
> >
> > sorry, it's been a while since i've done much with lvs, so i just wanted
a
> > quick confirmation.  thanks!
> >
> > -tcl.
> >
> >
> >
> >
>
>
>
>

<Prev in Thread]	Current Thread	[Next in Thread>
will this work (direct routing)?, tc lewis Re: will this work (direct routing)?, Ian S. McLeod Re: will this work (direct routing)?, tc lewis Re: will this work (direct routing)?, Ted Pavlic <=

Previous by Date:	Real server not able to talk to the active router, Hitesh Parashar
Next by Date:	Re: Real server not able to talk to the active router, Keith Barrett
Previous by Thread:	Re: will this work (direct routing)?, tc lewis
Next by Thread:	Real server not able to talk to the active router, Hitesh Parashar
Indexes:	[Date] [Thread] [Top] [All Lists]