
Re: LVS, fwmarks and a port translation problem

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS, fwmarks and a port translation problem
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Fri, 15 Aug 2003 12:00:17 +0200
Hello,

I have a design problem and was wondering if anyone had any bright ideas
about solving it. Using Ultramonkey I have 2 LVS-NAT servers in failover. I
want them to hold up to 20 virtual IPs for numerous HTTP/HTTPS apps that we
run (must be on 80/443). Behind the LVS are 6 apache/tomcat servers each
hosting up to 10 of the apps. Because of the use of SSL we port translate so
that each real server only has 1 real IP (using real IPs for historical
reasons). I need a load balanced persistent config... And I don't want to
have to make any changes (except default routes) to the web servers...

You might not need to, right? I mean aren't the web servers already pointing to the load balancer?

Yes, this is a painfully complicated configuration but it kind of works with
our hardware LB which needs replacing, hopefully with LVS.

Most definitely ;).

Here is my first 1/10th scale attempt on our staging stack:

IP Virtual Server version 1.0.9 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.1.1.81:80 wlc
  -> 10.1.1.39:51580              Masq    1      0          0
  -> 10.1.1.14:51580              Masq    1      0          0
TCP  10.1.1.46:80 wlc
  -> 10.1.1.39:50580              Masq    1      0          0
  -> 10.1.1.14:50580              Masq    1      0          0
TCP  10.1.1.46:443 wlc persistent 300 mask 255.255.255.0
  -> 10.1.1.39:50543              Masq    1      0          0
  -> 10.1.1.14:50543              Masq    1      0          0
TCP  10.1.1.81:443 wlc persistent 300 mask 255.255.255.0
  -> 10.1.1.39:51543              Masq    1      0          0
  -> 10.1.1.14:51543              Masq    1      0          0

Why is your persistency mask set to /24? Not that it matters anyway ...

This worked until I realised I need persistence between HTTP and HTTPS. Now
FWMARKS is a great idea, but I can't see how I can make it work in this
situation. I'd appreciate any advice.

Do I understand you correctly, that if one connects to VIP:80 and gets assigned to a RIP1:51580 you want him to still connect to RIP1 but to RIP1:51543 in case the application requires him to connect to VIP:443?

If so I also do not see an obvious way of doing it. I mean it would work if the servers would redirect or listen to port 80, resp. port 443. Then you could use persistent fwmark for a 80/443 VIP service tuple.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
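
The persistent fwmark service for an 80/443 tuple mentioned in the reply above, as an added example that is not part of the original mail. It assumes the real servers accept the application directly on ports 80 and 443; the function name `fwmark_rules` and the mark value 1 are illustrative, while the addresses, scheduler and timeout are taken from the listing in the thread.

```shell
#!/bin/sh
# Added example: dry-run generator for one persistent fwmark service that
# groups VIP:80 and VIP:443. It only prints commands; review the output and
# pipe it to "sh" as root on the director to apply it.

# Usage: fwmark_rules VIP MARK TIMEOUT RIP...
fwmark_rules() {
    vip=$1 mark=$2 timeout=$3
    shift 3
    # Mark 0 means "unmarked" to netfilter, so it cannot identify a service.
    case $mark in
        ''|*[!0-9]*|0) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    # Tag both ports of the VIP with the same mark in the mangle table.
    for port in 80 443; do
        echo "iptables -t mangle -A PREROUTING -d $vip/32 -p tcp --dport $port -j MARK --set-mark $mark"
    done
    # One virtual service keyed on the mark: the persistence template is
    # shared, so a client seen on port 80 reaches the same real server on 443.
    echo "ipvsadm -A -f $mark -s wlc -p $timeout"
    for rip in "$@"; do
        # No port on the real server: with -f the destination port of the
        # request is kept, which is why port translation (80 -> 51580,
        # 443 -> 51543) cannot be expressed in a single fwmark service.
        echo "ipvsadm -a -f $mark -r $rip -m -w 1"
    done
}

# Constructed invocation using one VIP and the two real servers from the thread.
fwmark_rules 10.1.1.81 1 300 10.1.1.39 10.1.1.14
```
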
