LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: as if you need more direct routing questions..

from [Stephen Rowles] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: as if you need more direct routing questions..
Cc: "John Lukac" <johnl@xxxxxxxx>
From: Stephen Rowles <spr@xxxxxxxxxxxxxxx>
Date: Wed, 22 Nov 2000 10:27:49 +0000 
At 18:20 21/11/2000 -0800, you wrote:


Hi there,


Hi,


something to be desired).  The important part is that my setup didn't
work for clients outside the VIP's netmask (the VIP is one of the
external routable IP's).  If it'd help, I can draw the topology on paper
and scan it in..


I have had the same problem when using an ATM backbone which was provided
by a company called newbridge. As you have mentioned VLANS I assume that you
might be running into the same problem....
In my case the ATM backbone routing software will not route IP packets to a MAC address that has not replied to the ARP request for that IP, and it will not route IP packets claiming to be one IP address from multiple different MAC addresses. This breaks direct routing, or any other 
routing which requires one IP address to come from multiple MAC addresses.



The why: According to some follow-ups I've read, it seems that the NAT
method is the "correct" setup when the director is to act as the load
balancer, firewall, and gateway for the internal machines.  But I'd like
to skip that final "unecessary" hop back through the director and just
go directly through the isp's router.  But then, I only have a few ip's
from the isp.  Gronk.
If the problem is the same as above then you have to route back through the director, otherwise you end up with the "IP spoofing" protection in the ATM routing software refusing to route the packets. With NAT all communication is one IP to one MAC so 
the problem is not encountered.


I appreciate any comments, and feel free to poke fun at the learning
network admin :)
Jano
Of course this could be way off base and nothing to do with your problem, but it's 
worth checking out ;)



_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users


Steve.

----------------------------------------------------------------------------
Going to church doesn't make you a Christian any more than going to a garage
makes you a mechanic.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  TLS on LVS, ::K - N o m a
Next by Date:  Heartbeat config-question, Klaus Thiele
Previous by Thread:  as if you need more direct routing questions.., John Lukac
Next by Thread:  Re: as if you need more direct routing questions.., tc lewis
Indexes:  [Date] [Thread] [Top] [All Lists]