"Rief, Jacob" wrote:
>
> This is a problem we have. We have many hundred domain-names registered
> onto the same IP-address.
i.e. the VIP with name-based webserving?
> Therefore an /etc/hosts approach does not fit.
> Sometimes webdesigners use some kind of include-function to include
> content from one project into another, by means of server-side-includes.
> (see http://www.php.net/manual/en/function.require.php) using
> http-subrequests.
and this causes your problem?
> with the entry in iptables
> iptables -t nat -A OUTPUT -p tcp -d <VIP> --dport 80 -j DNAT --to <RIP>:80
> they can, and it works.
>
> Julian's solution
>
>              +-------------+
>              |    <vip>    |
>              |  director   |
>              +-------------+
>               ^           |
>               |           |req
>               |req        v
>    +-------------+     +-------------+
>    |   <rip1>    |<--- |   <rip2>    |
>    | Realserver  | ans | Realserver  |
>    | = client    | wer | = server    |
>    +-------------+     +-------------+
>
> this does not work: R1 does a request to <vip>
> which goes to the director.
> The director rewrites dst-ip of packet to <rip2>.
> R2 serves the request. Since src-ip is on the same
> sub-net, R2 contacts R1 directly, but R1 refuses the
> packet because it expected a reply from <vip>.
>
> Therefore Julian removes the local routing and forces
> every packet to pass through the director. The director
> can therefore rewrite src-rip2 to vip and R1 accepts.
>
>              +-------------+
>              |    <vip>    |
>              |  director   |
>              +-------------+
>               |^         |^
>            ans||      req||ans
>               v|req      v|
>    +-------------+     +-------------+
>    |   <rip1>    |     |   <rip2>    |
>    | Realserver  |     | Realserver  |
>    | = client    |     | = server    |
>    +-------------+     +-------------+
>
OK (sneaky).
> ok. But this puts extra netload onto the director.
>
> The solution proposed here does not put that extra load
> onto the director. However R1 will always contact itself.
is your problem then that realservers have to go fetch content
on VIP:80 to fulfill the original client request
and
that with LVS-NAT, the realservers can't get the request
while with LVS-DR etc, the realserver can get the packets locally?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
ph# 919-541-0007, RTP, NC, USA. mailto:mack.joseph@xxxxxxx
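
Added example, not part of the original message: a toy Python model of the three cases in the quoted text (direct reply from R2, reply forced through the director, and the OUTPUT-chain DNAT rule on R1). The addresses, the `Nat` class and `simulate()` are constructed for illustration; the model tracks only source and destination addresses.

```python
from dataclasses import dataclass, field

# Constructed addresses (documentation range), not taken from the thread.
VIP, RIP1, RIP2 = "192.0.2.1", "192.0.2.11", "192.0.2.12"

@dataclass
class Nat:
    """Minimal DNAT with connection tracking: replies get the rewrite undone."""
    rules: dict                                 # original dst -> new dst
    seen: dict = field(default_factory=dict)    # (reply src, reply dst) -> original dst

    def out(self, src, dst):
        new = self.rules.get(dst, dst)
        if new != dst:
            self.seen[(new, src)] = dst         # remember how to reverse it
        return src, new

    def back(self, src, dst):
        return self.seen.get((src, dst), src), dst

def simulate(local_route, output_dnat=False):
    """R1 connects to VIP:80. Returns (reply accepted, server, director packets)."""
    # output_dnat models: iptables -t nat -A OUTPUT -d <VIP> -j DNAT --to <RIP>
    r1 = Nat({VIP: RIP1} if output_dnat else {})
    director = Nat({VIP: RIP2})                 # scheduler picks R2 in this model
    via_director = 0

    src, dst = r1.out(RIP1, VIP)                # R1's OUTPUT chain
    if dst == VIP:                              # request left R1 for the director
        src, dst = director.out(src, dst)
        via_director += 1
    server = dst

    rsrc, rdst = server, src                    # server answers the packet's source
    if server != RIP1 and not local_route:
        # No route to the local subnet: the reply must pass the director,
        # which rewrites the source from <rip2> back to <vip>.
        rsrc, rdst = director.back(rsrc, rdst)
        via_director += 1
    rsrc, rdst = r1.back(rsrc, rdst)            # R1's own conntrack on input

    # R1's socket is connected to VIP:80, so any other source is refused.
    return rsrc == VIP, server, via_director

if __name__ == "__main__":
    for args in ((True, False), (False, False), (True, True)):
        print(args, simulate(*args))
```

With the local route in place the reply arrives from `<rip2>` and is refused; without it the director carries two packets per exchange; with the OUTPUT rule the director carries none and R1 serves itself.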