Re: LVS Routing Method Question

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS Routing Method Question
Cc: piranha-list@xxxxxxxxxx, <mack.joseph@xxxxxxx>
From: "Matthew S. Crocker" <matthew@xxxxxxxxxxx>
Date: Sat, 14 Dec 2002 12:18:40 -0500 (EST)

On Sat, 14 Dec 2002, pb wrote:

> Matt and all,
>  
> > What exactly is strict NAT routing?
> 
> Our network guy told me about this - I forget the
> exact term other than he did say "strict NAT routing"
> and it involved source/destination IP addresses all
> being re-written in the transmitted packets by the NAT
> router.  If not all IP addresses are rewritten, it is
> not true NAT.  Thus, we cannot get a NetWare server
> with LDAP and 2 network cards (one side on LVS's
> private network) working with NAT because looking at
> the contents of the packets it shows it not to be true
> NAT, as I poorly explained.  

Hrm, so he wants the source address of the incoming connection to be
re-written to that of your internal address of your LVS server?  I'm not
exactly sure why you would want to do this but it can be done.  It is not
really the job of LVS; it would be handled by an iptables rule.

Basically, use LVS-NAT to re-write the destination IP of the packet to 
that of the real server IP.  This is done as the packet enters the LVS 
router.  Then,  re-write the source IP to that of the LVS internal IP 
address.  This is done by iptables as the packet leaves the router.

The destination of the returning packet gets re-written as the packet
enters the router on the LVS internal interface.  The source of the return 
packet gets re-written by LVS module as it leaves the router on the LVS 
external interface.  I'm not sure why you wouldn't want to see the real 
source IP at the real servers.

> Thank you - I will try either direct or tunneling -
> doesn't one or the other need the real servers to be
> LINUX boxes or does it matter with those other routing
> methods???

LVS operates at Layer 3 so it should be transparent to the real server OS.
You can set up any combination of OS's on the real servers.  With LVS-DR
just make sure the real servers are NOT arping for the VIP.

-Matt

-- 
----------------------------------------------------------------------
Matthew S. Crocker 
Vice President / Internet Division         Email: matthew@xxxxxxxxxxx
Crocker Communications                     Phone: (413) 746-2760
PO BOX 710                                 Fax:   (413) 746-3704
Greenfield, MA 01302-0710                  http://www.crocker.com
----------------------------------------------------------------------
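
Added example, not part of the original message: a small Python model of the four address rewrites described above, showing which source address the real server sees with plain LVS-NAT and with the extra source rewrite. The `Director` class, the addresses and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class Director:
    """Toy model of an LVS-NAT director, optionally with the extra source rewrite."""
    def __init__(self, vip, dip, real_server, snat):
        self.vip, self.dip, self.rs, self.snat = vip, dip, real_server, snat
        self.by_client = {}   # client (ip, port) -> source used on the internal side
        self.by_inner = {}    # internal-side source -> original client
        self.next_port = 40000

    def inbound(self, pkt):
        """Client -> VIP; returns the packet as the real server receives it."""
        if pkt.dst != self.vip:
            raise ValueError("not addressed to the virtual service")
        inner_src = pkt.src
        if self.snat:  # rewrite 2: source becomes the director's internal IP
            inner_src = self.by_client.get(pkt.src)
            if inner_src is None:
                inner_src = (self.dip, self.next_port)
                self.next_port += 1
                self.by_client[pkt.src] = inner_src
        self.by_inner[inner_src] = pkt.src
        return Packet(inner_src, self.rs)  # rewrite 1: destination becomes the real server

    def outbound(self, reply):
        """Real server -> client; returns the packet as the client receives it."""
        client = self.by_inner.get(reply.dst)
        if reply.src != self.rs or client is None:
            raise LookupError("reply matches no tracked connection")
        # rewrite 3: destination back to the client; rewrite 4: source back to the VIP
        return Packet(self.vip, client)

# Constructed addresses (documentation ranges); LDAP port as in the thread.
VIP, DIP, RS = ("192.0.2.10", 389), "10.0.0.1", ("10.0.0.20", 389)
CLIENTS = [("198.51.100.7", 51000), ("203.0.113.9", 51000)]

def sources_seen_by_real_server(snat):
    d = Director(VIP, DIP, RS, snat)
    return [d.inbound(Packet(c, VIP)).src for c in CLIENTS]

def round_trip(snat):
    d = Director(VIP, DIP, RS, snat)
    seen = d.inbound(Packet(CLIENTS[0], VIP))
    return d.outbound(Packet(seen.dst, seen.src))

if __name__ == "__main__":
    print(sources_seen_by_real_server(True), sources_seen_by_real_server(False))
```

With the source rewrite enabled, every connection reaches the real server from the director's internal IP, so its access logs and any address-based ACLs no longer distinguish clients.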