
Re: LVS, fwmarks and a port translation problem

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS, fwmarks and a port translation problem
From: Matthew Crocker <matthew@xxxxxxxxxxx>
Date: Thu, 14 Aug 2003 13:58:29 -0400

On Thursday, August 14, 2003, at 10:47 AM, Philip Hayward wrote:

Hi,

I have a design problem and was wondering if anyone had any bright ideas about solving it. Using Ultramonkey I have 2 LVS-NAT servers in failover. I want them to hold up to 20 virtual IPs for numerous HTTP/HTTPS apps that we run (must be on 80/443). Behind the LVS are 6 Apache/Tomcat servers, each hosting up to 10 of the apps. Because of the use of SSL we port-translate so that each real server only has 1 real IP (using real IPs for historical reasons). I need a load-balanced persistent config... And I don't want to have to make any changes (except default routes) to the web servers...

Yes, this is a painfully complicated configuration, but it kind of works with our hardware LB, which needs replacing, hopefully with LVS.

Here is my first 1/10th scale attempt on our staging stack:

IP Virtual Server version 1.0.9 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.1.1.81:80 wlc
  -> 10.1.1.39:51580              Masq    1      0          0
  -> 10.1.1.14:51580              Masq    1      0          0
TCP  10.1.1.46:80 wlc
  -> 10.1.1.39:50580              Masq    1      0          0
  -> 10.1.1.14:50580              Masq    1      0          0
TCP  10.1.1.46:443 wlc persistent 300 mask 255.255.255.0
  -> 10.1.1.39:50543              Masq    1      0          0
  -> 10.1.1.14:50543              Masq    1      0          0
TCP  10.1.1.81:443 wlc persistent 300 mask 255.255.255.0
  -> 10.1.1.39:51543              Masq    1      0          0
  -> 10.1.1.14:51543              Masq    1      0          0

This worked until I realised I need persistence between HTTP and HTTPS. Now fwmarks are a great idea, but I can't see how I can make it work in this situation. I'd appreciate any advice.


I don't think you can do it. You can set up fwmark rules to tag the packets and LB them based on the fwmark, but you will not be able to rewrite the dest_port, because you won't be able to tell whether they are 443 or 80 traffic, since you aren't checking for that.

-Matt

Thanks,

Phil
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
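The fwmark configuration Phil is asking about, as an added example that is not part of the original thread or of the LVS project's own scripts: a POSIX shell script that marks a VIP's port 80 and 443 traffic with one mark in the mangle table and builds a single persistent LVS-NAT service keyed on that mark, so a client's HTTP and HTTPS connections land on the same real server. The IPs are the ones from the staging table above; the mark numbers, the `run`, `fwmark_service` and `fwmark_farm` names and the `DRY_RUN` switch are this example's own assumptions. It also makes the constraint in Matt's reply concrete: the real servers are added without a port, so no per-port translation takes place.

```shell
#!/bin/sh
# Added example (not from the original post): one fwmark-based LVS-NAT
# virtual service covering both TCP/80 and TCP/443 of a VIP, so that a
# client's HTTP and HTTPS connections persist to the same real server.
# Assumes iptables with the mangle table and MARK target, and ipvsadm
# with fwmark (-f) support. Mark numbers are made up for this example.

# run CMD...: execute CMD, or only print it when DRY_RUN is set, so the
# generated rule set can be reviewed before it touches a live director.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# fwmark_service VIP MARK "RIP1 RIP2 ..." [PERSIST_SECS] [PERSIST_MASK]
# 1. Mark every TCP packet for VIP:80 and VIP:443 with MARK in the
#    mangle PREROUTING chain, which is where ip_vs picks it up.
# 2. Create one persistent virtual service keyed on MARK instead of on
#    address:port, so both ports share a single persistence template.
# 3. Add each real server WITHOUT a port. For a fwmark service a real
#    server port of 0 means "keep the client's destination port", so the
#    real servers must themselves listen on 80 and 443: one mark cannot
#    translate 80 -> 51580 and 443 -> 51543 at the same time.
fwmark_service() {
    vip=$1; mark=$2; rips=$3
    persist=${4:-300}; mask=${5:-255.255.255.0}

    run iptables -t mangle -A PREROUTING -d "$vip" -p tcp \
        -m multiport --dports 80,443 -j MARK --set-mark "$mark"

    run ipvsadm -A -f "$mark" -s wlc -p "$persist" -M "$mask"

    for rip in $rips; do
        run ipvsadm -a -f "$mark" -r "$rip" -m -w 1
    done
}

# fwmark_farm "VIP1 VIP2 ..." "RIP1 RIP2 ..." [FIRST_MARK]
# Gives each VIP its own mark, and therefore its own persistence domain,
# which is what a layout with many VIPs on the same real servers needs.
# Marks are consecutive integers starting at FIRST_MARK (default 1).
fwmark_farm() {
    vips=$1; rips=$2; mark=${3:-1}
    for vip in $vips; do
        fwmark_service "$vip" "$mark" "$rips"
        mark=$((mark + 1))
    done
}
```

Review the result first with `DRY_RUN=1 fwmark_farm "10.1.1.46 10.1.1.81" "10.1.1.39 10.1.1.14"`, then run the same call as root without `DRY_RUN` on the director. Remove the existing per-port services for those VIPs beforehand, so the same traffic is not defined twice, and remember that the real servers now have to answer on 80 and 443 directly.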

