On Thu, Sep 14, 2000 at 03:19:48PM -0400, Jeremy Hansen wrote:
>
> Now that Horms fixed ldirectord to work with fwmark, I've made an
> observation and I want to see if my concern is valid.
>
> The cool thing about using fwmark for me is the fact that you can do
> something like this:
>
> -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 80:80 -p 6 -m 1
> -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 443:443 -p 6 -m 1
> -A input -s 0.0.0.0/0.0.0.0 -d 10.2.9.5/255.255.255.255 21:21 -p 6 -m 1
>
> I can associate a bunch of different but specific ports to a single fwmark
> and then this allows me to place a single rule in ipvsadm:
>
> ipvsadm -A -f 1 10.2.9.5:0
^ You don't need this Address:Port, in fact it is
syntactically incorrect. The command should be
ipvsadm -A -f 1
> ipvsadm -a -f 1 -r 10.2.9.10:0
> ipvsadm -a -f 1 -r 10.2.9.11:0
>
> IP Virtual Server version 0.9.15 (size=8192)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> FWM 1 wlc
> -> 10.2.9.11:0 Route 1 0 0
> -> 10.2.9.10:0 Route 1 0 0
>
> So this is great, cause if I have ftp, https, http all associated with
> fwmark 1 for a group of services that will definitely be balanced across
> all real servers, then this to me makes things real simple. One rule, three
> different services, clean and nice.
>
> But the problem with this is that ldirectord then seems to get
> confused. Something like this in my config:
>
> virtual=1
> real=10.2.9.10:0 gate
> real=10.2.9.11:0 gate
> fallback=127.0.0.1:80
> service=none
> scheduler=rr
> #persistent=600
> protocol=fwm
> checktype=connect
>
> just causes ldirectord to fail and use the fallback server and I'm
> assuming this is because the port 0 is used as the reference as to what
> port to use to connect and test.
>
> So, is there any way around this?
>
> Using something like real=10.2.9.10:80 makes it work fine of course, but
> won't this screw up my ability to fwmark multiple ports?
You will need to select a service for ldirectord to monitor. HTTP is
probably as good as any.
You can specify port 80 for the real servers as ipvsadm ignores the port if
you are adding a real server to a fwmark service. Alternatively, if
you add connectport=80 to the setup above I believe you will
get what you want.
--
Horms