|
On Fri, Sep 15, 2000 at 08:21:04AM -0400, Ted Pavlic wrote:
> > I like it. Can't see anything wrong with it off the top of my head.
>
> I've been using it for about a year -- so I'm sure it works. :)
>
> > > The key difference in this scenario is that the director does NOT have
> the
> > > IP address installed; rather it is a router that knows how to get to
> the
> > > IP address.
>
> The thing is the LVS DOES have to have the IP address installed in order for
> LVS to get it.
Not so.
The Linux Direcor has to see the traffic for the VIP as local.
One method of doing this, and the most conveneint if traffic isn't
otherwise routed to the Linux Director, is to set up an IP alias
on an ethernet interface.
Another option as you suggest below is to have the IP address on a hidden
loopback interface. This will avoid uneccessary ARP action but as
you say is only *LIKE* a router.
Another method, which has a slight performance hit, but is arguably
more flexible and more router-like is to use transparent proxying
as set up by ipcahins. This will make the Linux Director see traffic
matching the ipchains rule(s) as local.
> LVS is *LIKE* a router -- but it is isn't exactly a router. In order for LVS
> to grab each VIP, look at them, change how they are routed dynamically, and
> then route them on, it will need the VIPs.
>
> Just assign the VIPs to a hidden loopback device. Doing so will end up
> getting the LVS to listen to *EVERY* IP on the entire network you assign to
> the loopback device, which is VERY handy.
--
Horms
|
