LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

RE: Gateway in LVS-DR

from [Francois JEANMOUGIN] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Gateway in LVS-DR
From: "Francois JEANMOUGIN" <Francois.JEANMOUGIN@xxxxxxxxxxxxxxxxx>
Date: Wed, 29 Oct 2003 09:53:44 +0100 

> Then the problem came when I want to try next level: I
> want to setup LVS for ftp. After searching so long in
> the documentation, I found that there's no example
> about setting ftp with LVS-NAT. I've tried to figure
> out setting up LVS-NAT for ftp. But I got nothing.

You have to deal with dynamic port negociation in FTP. I think I've read 
something about this problem somewhere. You should refer to the documentation 
of iptables, see what is written about ip_nat_ftp and ip_conntrack_ftp.

> So, because those examples about ftp are all using
> LVS-DR, here I am, trying to have LVS-DR.

Good.

> I have questions about LVS-DR:
> 
> 1. Is it OK that the director also acts as the
> gateway? From my previous setup with LVS-NAT, I'm left
> with the director acted as the gateway for the
> realservers. And for some reasons, I think I'll keep
> using it as the gateway.

In the FTP connections, the problem is the gateway. Whatever you use for LVS 
packets routing, you will have to deal with the ftp DATA connection. I think 
someone on this list would give you a more detailed information.

> 2. I don't understand what this command does:
> 
> /sbin/ifconfig lo:110 192.168.1.110 broadcast
> 192.168.1.110 netmask 255.255.255.255

You declare the VIP on all the real server. This is the  IP you will have to 
hide (with noarp or the hidden patch).
 
> I found it in LVS-Mini-HOWTO. It's said that It's
> supposed to be done on the realservers. I don't
> understand why it points itself as broadcast address,
> and why we use netmask 255.255.255.255
> 
> Would anyone please give me an enlightment? :)

I will try. When a packet arrives on the real server, it will have the VIP as 
destination, routed through the RIP of the real server. You will have to route 
this packet to the VIP. This is what this ifconfig line do. It declares a 
subnet (of one IP, say, a /32) so that the packets for the VIP will be routed 
to the specified interface. You should not declare a biggest subnet (/24 or 
whatever) or you will have problems with the outgoing packets.

François.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RE: Gateway in LVS-DR, Francois JEANMOUGIN <=
Previous by Date:  RE: hidding loopback interface does not work properly, Francois JEANMOUGIN
Next by Date:  Re: hidding loopback interface does not work properly, Horms
Previous by Thread:  [PATCH]add simple unsplicing to tcpsp-0.0.3 with the help of a cookie, yangrunhua
Next by Thread:  Problem with keepalived, Francois JEANMOUGIN
Indexes:  [Date] [Thread] [Top] [All Lists]