On Wed, Oct 04, 2000 at 03:05:11PM -0200, Bruno L. F. Cabral wrote:
> Hi there
>
> thanks for answering
>
> > > I have a little different balance question. let's suppose that I
> > > have a LVS-NAT director with two VIPs on distinct IP subnets
>
> > > VIP1 -> 64.x.x.10, default gateway 64.x.x.1
> > > VIP2 -> 200.y.y.5, default gateway 200.y.y.30
>
> > I'm not sure I fully understand the question.
> >
> > You have two networks, 64.x.x/8 and 100.y.y/24 for arguments sake.
> > The LVS host is connected to both of these networks and
> > has a VIP on each.
>
> yes
>
> > What I don't understand is where the internal LAN comes into
> > the equation.
>
> it doesn't. the problem really is how could I have TWO default
> routes, one for connections made on 64.x.x.10 and the other
> to connections made on 200.y.y.5
>
> > Also, do LAN1 and LAN2 have their own external connectivity
> > through 64.x.x.1 and 200.y.y.30 respectively which is
> > separate from the LVS host?
>
> yes. each LAN is provided by a different backbone, so connections
> that arrive from one or another must be returned to the source ones
>
> > If you want LVS to direct traffic to different virtual services
> > based on the _source_ address of the request this can be done
> > using fwmark.
>
> actually the source has to be the physical LAN interface, but
> your example here seems reasonable (thank you for that!)
>
> > # Mark traffic destined for either VIP from a host in LAN1 with fwmark 1
> > ipchains -A input -d VIP1 -s LAN1 -m 1
> > ipchains -A input -d VIP2 -s LAN1 -m 1
>
> I suppose here will be only the first command, because VIP2 shouldn't
> be accessed from LAN1
>
> > # Mark traffic destined for either VIP from a host in LAN2 with fwmark 2
> > ipchains -A input -d VIP1 -s LAN2 -m 2
> > ipchains -A input -d VIP2 -s LAN2 -m 2
>
> same here. VIP1 shouldn't be accessed from LAN2
>
> > # Set up a virtual service for fwmark 1
> > ipvsadm -A -f 1
> > ipvsadm -a -f 1 -r 64.x.x.a
> > ipvsadm -a -f 1 -r 64.x.x.b
> >
> > # Set up a virtual service for fwmark 2
> > ipvsadm -A -f 2
> > ipvsadm -a -f 2 -r 200.x.x.a
> > ipvsadm -a -f 2 -r 200.x.x.b
>
> but how could I force the different default routing for the second LAN?

You could probably do this using a combination of LVS and transparent
proxying but you would probably be better to use the ip command.
Take a look at
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=96990964404042&w=2

Reading from this something along the lines of

  # LAN1: own table, default route via the first gateway
  ip rule add prio 100 from LAN1 table 100
  ip route add table 100 0/0 via 64.x.x.1 dev eth0
  # LAN2: separate table (101), default route via the second gateway
  ip rule add prio 100 from LAN2 table 101
  ip route add table 101 0/0 via 200.y.y.30 dev eth1

should work, though I haven't tested it and my experience with the ip
command is limited.
--
Horms
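
The per-uplink routing described in the reply above, as an added example that is not part of the original thread: a shell function that prints one ip rule / ip route pair per uplink, each with its own table, so replies leave through the gateway of the network they are sourced from. The function names, the table numbering from 100 and the addresses (RFC 5737 documentation ranges) are assumptions; the thread elides the real ones.

```shell
#!/bin/sh
# Added example: emit source-based policy routing commands, one routing
# table per uplink. Addresses are constructed (RFC 5737 documentation
# ranges), not the thread's elided 64.x.x / 200.y.y values.

# gen_policy_routes: read "SRC_PREFIX GATEWAY DEVICE" lines on stdin and
# print the ip(8) commands. Nothing is applied; pipe the output to sh as
# root to install it. Returns 1 on a malformed or duplicate entry.
gen_policy_routes() {
    table=100          # first table id (assumption: 100+ is unused locally)
    seen=" "
    while read -r src gw dev extra; do
        # skip blank lines and comments
        case "$src" in ''|'#'*) continue ;; esac
        if [ -z "$gw" ] || [ -z "$dev" ] || [ -n "$extra" ]; then
            echo "bad entry: $src $gw $dev $extra" >&2
            return 1
        fi
        # a source prefix may select only one table, otherwise the
        # second default route would never be consulted
        case "$seen" in *" $src "*)
            echo "duplicate source: $src" >&2
            return 1 ;;
        esac
        seen="$seen$src "
        echo "ip rule add prio $table from $src table $table"
        echo "ip route add table $table default via $gw dev $dev"
        table=$((table + 1))
    done
}

# Constructed two-uplink layout mirroring the thread's LAN1/LAN2 setup.
sample_uplinks() {
    cat <<'EOF'
# source prefix   gateway        device
192.0.2.0/24      192.0.2.1      eth0
198.51.100.0/24   198.51.100.30  eth1
EOF
}

sample_uplinks | gen_policy_routes
```

After applying the output, ip rule show and ip route show table 100 confirm that each source prefix selects its own default gateway.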