Hello all,
I'd just like to report that I got LVS-TUN working for a
Linux(as director)-OpenBSD(as realserver). I am currently testing LVS so
we could use it to loadbalance web service requests (http) over different
sites (different IPs/different blocks) therefore LVS-TUN is required. I've
read some of the documentation stuff from www.linuxvirtualserver.org and
the how-to's as well but not all of it yet. I got the LVS-NAT working just
to see how LVS works and get familiar with the configure script and
ipvsadm. We will be using Debian GNU/Linux 2.2 with kernel 2.2.19 for the
director and OpenBSD realservers. When I got to implementing the LVS-TUN,
I got lost because I didn't know how to go about it. The how-to mentioned
it only worked with Linux but said further that it would work as long as
the OS supports tunneling. I know FreeBSD implements tunneling but I've
only used it for IPv6-in-IPv4 tunneling and I didn't quite understand how
tunneling in Linux worked. For example, in Linux to create a tunnel, you
did this:

on the director: no tunnel is created because ipvs does the encapsulation
on the realserver:

    ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110
    route add -host 172.26.20.110 dev tunl0

Basically, I understand that the tunl0 is identified with the remote
tunnel end (VIP) but I don't understand the "route add" part since LVS-TUN
only implements a one-way tunnel. That is, from the director to the
realserver, tunneling from realserver-to-director is not required and
seems useless. The realserver routes following its default router path
direct to the client. So that's where I got stuck. "How do you say
this in *BSD using the gif0 interface, the one I'm familiar with?" In the
end, this is the topology we'd like to implement:

              --------
             | client |
              --------
                 |
                 |
              Internet
                 |
                 |
        LVS director, Linux
                 |
                 |                        ______________
                 -------...tunnel.....-->(one-way-tunnel)realserver, *BSD
                 |                        --------------
                 |
        realserver(local-NAT), *BSD

with the tunneled packet routed normally through its routers/gateways
(edge routers or other) down to the realserver.
My test setup looks like this:

[ client with a live IP ] -------gw------eth0(10.10.8.98, DIP) [director]
                                  |      eth0:110 (VIP)
                                  |
                                  |___fxp0(10.10.8.199,RIP)[realserver]

So what I did on the OpenBSD realserver is this,

    ifconfig fxp0 10.10.8.199 netmask 255.255.255.0 up
    route add default 10.10.8.1
    ifconfig gif0 tunnel 10.10.8.199 10.10.8.98
    ifconfig lo0 _VIP netmask 255.255.255.255

10.10.8.1 is the default gateway for the private network. Notice that the
tunnel endpoint is the DIP (not VIP like in Linux). This is because as I
understand, the packet that arrives at the realserver (encapsulated by
ipvs) has this format:
[D|R|C|V|...payload....]
where, D - director address, R - realserver address, C - client address,
and V - VIP address. Decapsulation is done by the gif0 tunnel, after that
it sees that the packet is destined to itself (VIP defined at its lo0
interface) and processes it normally with source IP= client IP.
When I do "telnet VIP" from the client, I successfully enter
10.10.8.199 after the login.
Please comment if I'm doing anything wrong or some things I didn't
understand. I've still a long way to go but it's working. :)
Lastly, sorry for making this too long and thank you to the developers and
all who help the Linux Virtual Server project for doing great work,
especially to Wensong Zhang and Joseph Mack. :)
Best regards,
carla
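
Added example, not part of the original message and not LVS or OpenBSD code: a Python model of the [D|R|C|V|...payload....] packet described above, showing the checks a realserver-side decapsulator makes (outer protocol is IPIP, outer addresses match the configured tunnel endpoints DIP and RIP, inner destination is the VIP). The client and VIP addresses, the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left as 0 in this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for an IPv4 packet, or raise ValueError."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("bad header or total length")
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total]

def decapsulate(pkt, dip, rip, vip):
    """Model the realserver: accept only DIP->RIP IPIP whose inner dst is the VIP."""
    o_src, o_dst, proto, inner = parse_ipv4(pkt)
    if proto != IPPROTO_IPIP:
        return None, "outer protocol is not IPIP"
    if (o_src, o_dst) != (dip, rip):
        return None, "outer addresses do not match tunnel endpoints"
    i_src, i_dst, i_proto, data = parse_ipv4(inner)
    if i_dst != vip:
        return None, "inner destination is not the VIP"
    return (i_src, i_dst, i_proto, data), "accepted"

# DIP and RIP come from the test setup above; CLIENT and VIP are constructed.
DIP, RIP = "10.10.8.98", "10.10.8.199"
CLIENT, VIP = "198.51.100.7", "192.0.2.110"
inner = ipv4_header(CLIENT, VIP, 6, 4) + b"data"
tunneled = ipv4_header(DIP, RIP, IPPROTO_IPIP, len(inner)) + inner
# Same inner packet, but the outer source is not the director.
spoofed = ipv4_header("10.10.8.50", RIP, IPPROTO_IPIP, len(inner)) + inner

if __name__ == "__main__":
    print(decapsulate(tunneled, DIP, RIP, VIP))
    print(decapsulate(spoofed, DIP, RIP, VIP))
```

The accepted packet comes out with the client as its source address, which is why the realserver answers the client directly; an encapsulated packet whose outer source is not the DIP is rejected before the inner packet is looked at.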