
Re: Gateway in LVS-DR

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Gateway in LVS-DR
From: Horms <horms@xxxxxxxxxxxx>
Date: Wed, 29 Oct 2003 17:53:46 +0900

On Wed, Oct 29, 2003 at 12:38:07AM -0800, Ariyo Nugroho wrote:
> Hi all!
> 
> First, I'm gonna announce that my LVS-NAT finally
> works well. Yeah. I followed your suggestion: I use 2
> NIC's with 2 networks. I'm using Linux RH9 as
> director, and mix of Windows Server 2003, and
> Slackware as realservers. The services are telnet and
> http (apache and IIS).
> 
> Then the problem came when I want to try next level: I
> want to setup LVS for ftp. After searching so long in
> the documentation, I found that there's no example
> about setting ftp with LVS-NAT. I've tried to figure
> out setting up LVS-NAT for ftp. But I got nothing. 
> 
> So, because those examples about ftp are all using
> LVS-DR, here I am, trying to have LVS-DR.

FTP works fine with LVS-NAT. 

Just make sure you insmod the ip_vs_ftp module.
Just make sure you insmod the ip_vs_ftp module.
Just make sure you insmod the ip_vs_ftp module.

> I have questions about LVS-DR:
> 
> 1. Is it OK that the director also acts as the
> gateway? From my previous setup with LVS-NAT, I'm left
> with the director acted as the gateway for the
> realservers. And for some reasons, I think I'll keep
> using it as the gateway.

Generally no.


> 2. I don't understand what this command does:
> 
> /sbin/ifconfig lo:110 192.168.1.110 broadcast
> 192.168.1.110 netmask 255.255.255.255

Which bit don't you understand? It brings up 
lo:110 (a virtual interface on the loopback device) 
for 192.168.1.110 with the broadcast and netmask as specified.

> I found it in LVS-Mini-HOWTO. It's said that it's
> supposed to be done on the realservers. I don't
> understand why it points itself as broadcast address,
> and why we use netmask 255.255.255.255

If you are using LVS-DR then the packets that arrive
on the real servers have the destination IP address set
to the VIP. So the real servers need some way of accepting
this traffic as local. One way is to add an interface on
the loopback device and hide it so it won't answer ARP
requests. 

The netmask has to be 255.255.255.255 because
the loopback interface will answer packets for
_all_ hosts on any configured interface.
So 192.168.1.110 with netmask of 255.255.255.0
will cause the machine to accept packets for
_all_ addresses in the range 192.168.1.0 - 192.168.1.255,
which is probably not what you want.

-- 
Horms
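
Added example, not part of the original message: a small check a real-server admin could run over `ip -o -4 addr show dev lo` output to catch a VIP configured on the loopback with a netmask wider than 255.255.255.255, as discussed above. The function names and the sample output are constructed for illustration; only the VIP 192.168.1.110 comes from the thread.

```python
import ipaddress
import re

# Constructed samples of `ip -o -4 addr show dev lo` output from two
# hypothetical real servers (not captured from a real host).
GOOD = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever\n"
    "1: lo    inet 192.168.1.110/32 brd 192.168.1.110 scope global lo:110\\"
    "       valid_lft forever\n"
)
BAD = GOOD.replace("192.168.1.110/32", "192.168.1.110/24")

# "<index>: <device>    inet <address>/<prefix> ..."
INET = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def accepted_range(addr, netmask):
    """First and last address covered by addr/netmask on the loopback."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    return str(net[0]), str(net[-1])


def audit_loopback(ip_output):
    """Return (vip, network, address_count) for every non-127/8 address
    on lo whose prefix is wider than /32."""
    findings = []
    for line in ip_output.splitlines():
        m = INET.match(line)
        if not m or m.group(1) != "lo":
            continue
        iface = ipaddress.ip_interface(m.group(2))
        if iface.ip.is_loopback:
            continue  # the normal 127.0.0.1/8 entry is expected
        if iface.network.prefixlen != 32:
            findings.append(
                (str(iface.ip), str(iface.network), iface.network.num_addresses)
            )
    return findings


if __name__ == "__main__":
    print(accepted_range("192.168.1.110", "255.255.255.0"))
    for vip, net, count in audit_loopback(BAD):
        print(f"lo: {vip} is configured as {net}; {count} addresses accepted as local")
```

On a real server, pipe the actual command output into `audit_loopback()` instead of the constructed strings; an empty list means every VIP on lo is a host address.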