On Thu, Aug 14, 2003 at 01:58:29PM -0400, Matthew Crocker wrote:
>
> On Thursday, August 14, 2003, at 10:47 AM, Philip Hayward wrote:
>
> >Hi,
> >
> >I have a design problem and was wondering if anyone had any bright ideas
> >about solving it. Using Ultramonkey I have 2 LVS-NAT servers in failover.
> >I want them to hold up to 20 virtual IPs for numerous HTTP/HTTPS apps that
> >we run (must be on 80/443). Behind the LVS are 6 apache/tomcat servers,
> >each hosting up to 10 of the apps. Because of the use of SSL we port
> >translate so that each real server only has 1 real IP (using real IPs for
> >historical reasons). I need a load balanced persistent config... And I
> >don't want to have to make any changes (except default routes) to the web
> >servers...
> >
> >Yes, this is a painfully complicated configuration but it kind of works
> >with our hardware LB which needs replacing, hopefully with LVS.
> >
> >Here is my first 1/10th scale attempt on our staging stack:
> >
> >IP Virtual Server version 1.0.9 (size=65536)
> >Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >TCP 10.1.1.81:80 wlc
> > -> 10.1.1.39:51580 Masq 1 0 0
> > -> 10.1.1.14:51580 Masq 1 0 0
> >TCP 10.1.1.46:80 wlc
> > -> 10.1.1.39:50580 Masq 1 0 0
> > -> 10.1.1.14:50580 Masq 1 0 0
> >TCP 10.1.1.46:443 wlc persistent 300 mask 255.255.255.0
> > -> 10.1.1.39:50543 Masq 1 0 0
> > -> 10.1.1.14:50543 Masq 1 0 0
> >TCP 10.1.1.81:443 wlc persistent 300 mask 255.255.255.0
> > -> 10.1.1.39:51543 Masq 1 0 0
> > -> 10.1.1.14:51543 Masq 1 0 0
> >
> >This worked until I realised I need persistence between HTTP and HTTPS.
> >Now FWMARKS is a great idea, but I can't see how I can make it work in
> >this situation. I'd appreciate any advice.
> >
>
> I don't think you can do it. You can setup fwmark rules to tag the
> packets and LB them based on the fwmark but you will not be able to
> rewrite the dest_port because you won't be able to tell if they are 443
> or 80 traffic because you aren't checking for that.
I don't think that you can do it either. Though of course
you could hack LVS to do something strange. Probably
the easiest way would be to get it to ignore the destination port when
setting up persistence templates. Actually, that should
be pretty straight forward.
--
Horms
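The following is an added illustration of the point Horms makes about persistence templates; it is not LVS code and does not reproduce the kernel's ipvs structures. It is a small model of an LVS-NAT director built from the two 10.1.1.81 services in Philip's ipvsadm listing (both are made persistent with the /24 mask here, which the original :80 service was not). With templates keyed on (client network, VIP, vport), a client's :443 and :80 connections are scheduled independently; with the destination port dropped from the template key, the second connection lands on the same real server while each service still applies its own port translation. The client address 192.0.2.7, the "wlc stand-in" tie-breaking, and the step that resolves a template's real-server IP against the current service's own entry (so 10.1.1.39 becomes 10.1.1.39:51580 for the :80 service) are assumptions of this model, not documented LVS behaviour.

```python
"""Toy model of LVS-NAT persistence templates (added illustration, not LVS code)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RealServer:
    rip: str        # real server IP
    rport: int      # port on the real server after LVS-NAT translation


@dataclass
class VirtualService:
    vip: str
    vport: int
    reals: list                        # RealServer entries, in ipvsadm order
    persistent: int = 0                # template timeout in seconds; 0 = none
    netmask: str = "255.255.255.255"   # the "mask" shown in the ipvsadm listing


class Director:
    """Minimal stand-in for an LVS director with a wlc-like scheduler."""

    def __init__(self, ignore_vport_in_template=False):
        self.services = {}   # (vip, vport) -> VirtualService
        self.templates = {}  # template key -> rip of the chosen real server
        self.conns = {}      # rip -> active connection count
        self.ignore_vport = ignore_vport_in_template

    def add_service(self, svc):
        self.services[(svc.vip, svc.vport)] = svc
        for r in svc.reals:
            self.conns.setdefault(r.rip, 0)

    def _template_key(self, cip, svc):
        # client address masked as ipvsadm's persistence netmask would do it
        net = ipaddress.IPv4Network(f"{cip}/{svc.netmask}", strict=False)
        vport = None if self.ignore_vport else svc.vport
        return (str(net.network_address), svc.vip, vport)

    def _least_loaded(self, svc):
        # wlc stand-in (assumed): equal weights, fewest active connections wins,
        # ties broken by listing order
        return min(svc.reals, key=lambda r: (self.conns[r.rip], svc.reals.index(r)))

    def schedule(self, cip, vip, vport):
        """Return the RealServer a new connection cip -> vip:vport is sent to."""
        svc = self.services[(vip, vport)]
        chosen = None
        if svc.persistent:
            rip = self.templates.get(self._template_key(cip, svc))
            if rip is not None:
                # assumption of this model: the template names a real server IP,
                # and the current service's own entry supplies the translated port
                chosen = next((r for r in svc.reals if r.rip == rip), None)
        if chosen is None:
            chosen = self._least_loaded(svc)
            if svc.persistent:
                self.templates[self._template_key(cip, svc)] = chosen.rip
        self.conns[chosen.rip] += 1
        return chosen


def build_director(ignore_vport_in_template):
    """The 10.1.1.81 services from the listing above, both made persistent."""
    d = Director(ignore_vport_in_template)
    d.add_service(VirtualService("10.1.1.81", 80,
        [RealServer("10.1.1.39", 51580), RealServer("10.1.1.14", 51580)],
        persistent=300, netmask="255.255.255.0"))
    d.add_service(VirtualService("10.1.1.81", 443,
        [RealServer("10.1.1.39", 51543), RealServer("10.1.1.14", 51543)],
        persistent=300, netmask="255.255.255.0"))
    return d


def https_then_http(ignore_vport_in_template, cip="192.0.2.7"):
    """One client (constructed address) opens :443 then :80; return both choices."""
    d = build_director(ignore_vport_in_template)
    first = d.schedule(cip, "10.1.1.81", 443)
    second = d.schedule(cip, "10.1.1.81", 80)
    return first, second


if __name__ == "__main__":
    for flag in (False, True):
        a, b = https_then_http(flag)
        print(f"ignore vport in template={flag}: "
              f"443 -> {a.rip}:{a.rport}, 80 -> {b.rip}:{b.rport}")
```

Run as-is, the per-port model sends the :443 connection to 10.1.1.39 and the :80 connection to 10.1.1.14 (the least-loaded server once the first connection is counted), while the port-ignoring model sends both to 10.1.1.39, translated to :51543 and :51580 respectively. The /24 mask also means any other client in 192.0.2.0/24 inherits that template, which is the same trade-off the mask carries in a real deployment.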