I have kind of a strange requirement. I am trying to swap an appliance
box with ipvs. One of the requirements to make this happen is to make
ipvs work without making any changes to the servers or the clients. So
here is the problem. I need to do VS-NAT when the VIP, RIP, and CIP are
all on the same network. If I weren't using ipvs, and had only one server
the problem and the solution is:
http://netfilter.samba.org/unreliable-guides/NAT-HOWTO.txt
In section:
10. Destination NAT Onto the Same Network
But I have more than one server behind the VIP, so what happens is:
CIP sends SYN to VIP, the VIP changes the Destination IP as expected, but
the Source IP is still the CIP, and the Real Server tries to respond
directly back to the client.
So the setup is like a VS-DR, but that won't work either (other clients
connect directly to the RIP, and I also can't change the Real Servers).
Here is a diagram of what I have:
_______
| |
| client|
|_______|
CIP=192.168.1.101
|
|
__________ |
| | |
| director |---| VIP=192.168.0.1 (eth0)
|__________| |
|
|
-----------------------------------
| | |
| | |
RIP1=192.168.0.10 RIP2=192.168.0.11 RIP3=192.168.0.12
_____________ _____________ _____________
| | | | | |
| realserver | | realserver | | realserver |
|_____________| |_____________| |_____________|
If this doesn't make any sense I can try to explain another way..
LVS is wonderful, now if I could just get someone to add SSL persistance
for a couple of cases of beer my life would be perfect for a day.
|