Serge Sozonoff wrote:
>
> Hi Joe,
>
> Sorry, I think we (I) am getting mixed up.
>
> > have we changed from talking about VS-DR?
>
> My original message was that LVS-NAT + ethernet bridging could be an
> alternative to LVS-DR. I never talked about LVS-DR + ethernet bridging
Ah, I'm back on track now. I was the one that started talking about VS-DR.
> >> packets are delivered to the real
> >> servers through NAT done by the LD.
>
> >no. The same packet with unchanged dst_addr is pushed out of the director
> >to the realserver. No NAT.
>
> Yes, for LVS-DR.
> --but--
> If we have IPVS setup for NAT over ethernet bridging, then surely the
> packet header will be re-written when it hits the LD (normal LVS-NAT).
> However the reply from the realserver will have the MAC address of the
> router and the IP of its destination (ie Client). The packet header does
> not need to be reverse NAT'd on its way out because the LD is acting as
> a bridge.
> Am I making any sense?
The logic is impeccable. However some of your facts aren't correct.
The client sends a packet with src=CIP, dst=VIP (abbreviated CIP->VIP),
the realserver receives a packet with the dst rewritten (CIP->RIP). The
realserver replies (RIP->CIP). If this arrives at the client directly
(as happens when you don't have the director as the default gw of the
realservers), the packet is not recognised as part of any request the
client made.
The reply packets have to be masqueraded on the way out.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
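
The address rewriting described in the reply above, as an added example that is not part of the original message: a small Python model of LVS-NAT showing why a reply that bypasses the director (RIP->CIP) fails the client's 4-tuple match, while a reply masqueraded by the director (VIP->CIP) passes. The addresses, ports, class and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample addresses (documentation ranges), not from the thread.
CIP, VIP, RIP = "198.51.100.7", "203.0.113.10", "10.0.0.21"

class Director:
    """Minimal LVS-NAT model: rewrite dst inbound, masquerade src on replies."""
    def __init__(self, vip, rip):
        self.vip, self.rip = vip, rip
        self.conns = set()  # (client ip, client port, service port) seen inbound

    def inbound(self, pkt):
        # CIP->VIP becomes CIP->RIP; remember the connection for the reply path
        if pkt.dst != self.vip:
            raise ValueError("not addressed to the VIP")
        self.conns.add((pkt.src, pkt.sport, pkt.dport))
        return replace(pkt, dst=self.rip)

    def outbound(self, pkt):
        # RIP->CIP becomes VIP->CIP, only for connections the director tracked
        if pkt.src == self.rip and (pkt.dst, pkt.dport, pkt.sport) in self.conns:
            return replace(pkt, src=self.vip)
        return pkt

def realserver_reply(pkt):
    # The realserver answers from its own address: RIP->CIP
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def client_accepts(request, reply):
    # A client socket matches a reply on the reversed 4-tuple of its request
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

def run(reply_via_director):
    d = Director(VIP, RIP)
    request = Packet(CIP, 40000, VIP, 80)
    reply = realserver_reply(d.inbound(request))
    if reply_via_director:
        reply = d.outbound(reply)
    return reply, client_accepts(request, reply)

if __name__ == "__main__":
    for via in (False, True):
        reply, ok = run(via)
        print(f"via director={via}: {reply.src}->{reply.dst} accepted={ok}")
```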