Julian Anastasov wrote:
>
> Hello Joe,
>
> On Tue, 10 Apr 2001, Joseph Mack wrote:
>
> > > The patched LVS:
> > >
> > > 10.1.2.0:0 -> FWMARK:0 -> RIP:0
> >
> > so if I did
> >
> > iptables -s 10.1.2.3 -m 1
> > ipvsadm -A -f 1 -s rr -p 600 -M 255.255.255.0
> >
> > only packets from 10.1.2.3 will have a fwmark on them,
> > but the director would forward all packets from
> > 10.1.2.0/24, even those without fwmarks?
>
> The patched LVS will accept only the marked packets for this
> fwmark service, from the same /24 client subnet. If only one client IP
> sends packets that are marked then the real service will receive packets
> only from 10.1.2.3.
OK, only 10.1.2.3 is marked
> The current LVS versions don't consider the
> service and all packets CIPNET -> VIP
But there is no VIP here; I'm using fwmark only.
What does the -M 255.255.255.0 do in this case?
> will be forwarded using the
> first created template for CIPNET:0->VIP:0, i.e. these packets will
> randomly hit one of the many services that accept packets for the
> same VIP (just like in your setup) and then may be a wrong real server.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
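
The template keying discussed in this message, as an added example that is not part of the original thread and is not LVS code. It is a simplified Python model: the `ToyDirector` class, the VIP `192.0.2.10` and the real-server labels `RIP-A`/`RIP-B` are constructed for illustration, and it assumes a packet must match a fwmark service before any template is consulted.

```python
import ipaddress

def client_net(cip, netmask):
    """Mask the client IP with the persistence netmask (the ipvsadm -M value)."""
    return str(ipaddress.ip_interface(f"{cip}/{netmask}").network.network_address)

class ToyDirector:
    """Simplified model of persistence templates; not the IPVS kernel code."""

    def __init__(self, key_on_fwmark):
        self.key_on_fwmark = key_on_fwmark  # True models the patched keying
        self.services = {}                  # fwmark -> (netmask, real server)
        self.templates = {}                 # template key -> real server

    def add_service(self, fwmark, netmask, real_server):
        # One real server per service keeps the scheduler out of the picture.
        self.services[fwmark] = (netmask, real_server)

    def forward(self, cip, vip, fwmark):
        service = self.services.get(fwmark)
        if service is None:
            return None  # assumption: no fwmark service accepts this packet
        netmask, real_server = service
        net = client_net(cip, netmask)
        # Patched: CIPNET -> FWMARK.  Unpatched: CIPNET -> VIP.
        key = (net, fwmark) if self.key_on_fwmark else (net, vip)
        # The first packet from a client subnet creates the template;
        # later packets with the same key reuse its real server.
        return self.templates.setdefault(key, real_server)

def run(key_on_fwmark):
    """Two fwmark services for the same VIP, three clients in 10.1.2.0/24."""
    d = ToyDirector(key_on_fwmark)
    d.add_service(1, "255.255.255.0", "RIP-A")
    d.add_service(2, "255.255.255.0", "RIP-B")
    vip = "192.0.2.10"  # constructed address
    return [
        d.forward("10.1.2.3", vip, 1),  # creates the first template
        d.forward("10.1.2.7", vip, 2),  # same /24, different service
        d.forward("10.1.2.9", vip, 0),  # unmarked packet
    ]

if __name__ == "__main__":
    print("CIPNET->VIP keying:   ", run(False))
    print("CIPNET->FWMARK keying:", run(True))
```

With VIP keying the second client reuses the template created for fwmark 1 and lands on the other service's real server; with fwmark keying each service keeps its own template.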