|
Hi there
thanks for answering
> > I have a little different balance question. let's suppose that I
> > have a LVS-NAT diretor with two VIPs on distinct IP subnet's
> > VIP1 -> 64.x.x.10, default gateway 64.x.x.1
> > VIP2 -> 200.y.y.5, default gateway 200.y.y.30
> I'm not sure I fully understand the question.
>
> You have two networks, 64.x.x/8 and 100.y.y/24 for arguments sake.
> The LVS host is connected to both of these networks and
> has a VIP on each.
yes
> What I don't understand is where the internal LAN comes into
> the equation.
it doesn't. the problem really is how could I have TWO default
routes, one for connections made on 64.x.x.10 and the other
to connections made on 200.y.y.5
> Also, do the do LAN1 and LAN2 have their own external connectivity
> though 64.x.x.1 and 200.y.y.30 respectively which is
> separaate from the LVS host?
yes. each LAN is provided by a different backbone, so connections
that arrive from one or another must be returned to the source ones
> If you want LVS to direct traffic to different virtual services
> based on the _source_ address of the request this can be done
> using fwmark.
actually the source has to be the phisical LAN interface, but
your example here seems reasonable (thank you for that!)
> # Mark traffic destined for either VIP from a host in LAN1 with fwmark 1
> ipchains -A input -d VIP1 -s LAN1 -m 1
> ipchains -A input -d VIP2 -s LAN1 -m 1
I suppose here will be only the first command, because VIP2 shouldn't
be accessed from LAN1
> # Mark traffic destined for either VIP from a host in LAN2 with fwmark 2
> ipchains -A input -d VIP1 -s LAN2 -m 2
> ipchains -A input -d VIP2 -s LAN2 -m 2
same here. VIP1 shouldn't be accessed from LAN2
> # Set up a virtual service for fwmark 1
> ipvsadm -A -f 1
> ipvsadm -a -f 1 -r 64.x.x.a
> ipvsadm -a -f 1 -r 64.x.x.b
>
> # Set up a virtual service for fwmark 2
> ipvsadm -A -f 2
> ipvsadm -a -f 2 -r 200.x.x.a
> ipvsadm -a -f 2 -r 200.x.x.b
but how could I force the different default routing for the second LAN?
thanks for helping
!3runo
|
