Hi!
> > - LVS accepting packets by transparent proxy
>
> the director, realservers or both?
On both.
> > - ipfwadm to send the packets on port 80 to port 8080 (squid)
>
> ipvs can only rewrite port numbers in VS-NAT mode.
> Tell us where the ports are being rewritten.
The IPVS (virtual server) gets the requests on port 80
(as all http-requests) and redirects them to the realserver
port 80. Squid is running on the realserver port 8080,
so the packets are sent from realserver:80 to realserver:8080
(by each realserver).
> > - arp-problem handled by setting arp-table-entry on client
>
> do you mean on realserver?
???
No, on the test-client. Since it's just for testing (I won't
have the arp-problem in the "real" environment) I can make
an entry in the arp-table on the client. If he wants to send
something to 192.168.10.110, he'll find an entry in his
arp-table with the address of the virtual server.
Wait a minute - since the realserver accepts the packets by
TP, there's no need for the entry 192.168.10.110 any more,
correct? At least, there's no change if I remove it :-)
The client talks to the virtual server by "default route"
then. The default route is set to the real IP of the
virtual server, not on the VIP.
In fact, I use "tcpdump", and at least the conversation
between client and virtual server looks o.k.
> what happens if you also allow the director to forward telnet?
> Do you connect to one machine or each machine alternately?
Hmm. There's something I don't understand. If I use TP, I
don't really need a VIP any more, do I? I don't want to
answer requests for a single IP (VIP), but all requests
for all IPs should be sent to a farm of squid-caches.
Normally, I don't need a VIP, correct?
ifconfig doesn't indicate a VIP on the virtual server at least.
ifconfig doesn't indicate a VIP on the real servers either.
ifconfig doesn't indicate a tunnelling device on the real
servers, and that's confusing for me a bit.
But if I call "telnet 192.168.10.110" (which is the VIP that
seems not to exist), then realserver1 answers. I didn't find
out, if the virtual server redirected it there or if it's
answering directly, but it's always realserver1, never
realserver2.
So, realserver1 always answers, it's not important if it's
a telnet or a http-request.
Maybe it's just the arp-problem. I have to think about it.
Thomas