I have been evaluating the Intel 7110 and the 7180 SSL E-commerce
accelerators recently. I would prefer to use the 7110's (Straight SSL
Accelerators) coupled with LVS instead of throwing out LVS and using the
7180 as the cluster director.
Now, before anyone says "You can do that with LVS-TUN", I am aware that
I can fix this problem with LVS-TUN but I would like to see if there is
a fix for LVS-DR that would let this work as I prefer the performance of
LVS-DR over LVS-TUN
Here is how I have the network setup
________
| |
| client |
|________|
|
(router)
|
__________ |
| | |
| director |---|
|__________| |
|
|
-----------------------------------
| | |
| | |
____________ ____________ ____________
| | | | | |
| 7110 SSL | | 7110 SSL | | 7110 SSL |
|____________| |____________| |____________|
| | |
| | |
____________ ____________ ____________
| | | | | |
| realserver | | realserver | | realserver |
|____________| |____________| |____________|
These 7110 SSL Accelerators have 2 Ports, IN one and OUT one. The
problem is that when the request comes into the Director and the
director looks up the MAC address of the RealServer, it is getting the
MAC address of the First NIC in the 7110 Director, so when the packet
headers are rewritten with the Destination MAC Address, the MAC address
of a NICK in the 7110 is written instead of the MAC of the RealServer.
The effect is a black hole.The cluster works fine without the 7110 in
between LVS and the RealServer, as soon as I swap in the 7110, all
traffic bound for the RealServer with the 7110 in front of it is
blackholed.
I am really hoping that someone has encountered something like this and
has a fix. The obvious fix would be to be able to on the director force
the MAC addresses of the RealServer instead of looking them up.
Any ideas?
|