Port translation and FWMARK

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Port translation and FWMARK
From:	nick garratt <nick-lvs@xxxxxxxxxxxxxx>
Date:	Thu, 25 Mar 2004 11:45:22 +0200

Hi

I'm experiencing issues with port translation using LVS-NAT and FWMARK:

iptables -t mangle -A PREROUTING -d VIP -p tcp -m tcp --syn --dport1237:1239 -j MARK --set-mark 1238


ipvsadm -A -f 1238 -s wlc -p 900
ipvsadm -a -f 1238 -r 192.168.20.1:1237 -m -w 5 # daemon instance 1
ipvsadm -a -f 1238 -r 192.168.20.1:1238 -m -w 5 # daemon instance 2


What I am trying to achieve is the following:

we have a custom written SMPP service that accepts two connection(transmitter and receiver) from a client. We have run into problemswith maximum threads per process and large numbers of binds. As aninterim measure we are considering running multiple instances of thedaemon on the same server. Its is imperative that a user's two bindsare routed to the same daemon instance. The user may connect to aport range so as to allow them to specify different receiver andtransmitter ports according to their whim or the peculiarities oftheir client software but the daemon instance will handle bothconnections on the same port.

The intention is to group the VIP port range using FWMARK as we dowith many other services and load balance them across the RIP serviceports ensuring that:


userIP:56789 -> VIP:1237 -> RIP:n
userIP:56790 -> VIP:1238 -> RIP:n

where n is the same port guaranteed by persistence.

Problem: FWMARK and LVS-NAT port translation does not seem to work atall. what actually happens is:


userIP:56789 -> VIP:1237 -> RIP:1237
userIP:56790 -> VIP:1238 -> RIP:1238

which splits the binds across daemon instances.

Another approach to the problem is to configure multiple virtualinterfaces on my real server, get the daemon instances to bind tospecific IPs/same port ranges and handle as per normal i.e. no porttranslation:

iptables -t mangle -A PREROUTING -d VIP -p tcp -m tcp --syn --dport1237:1239 -j MARK --set-mark 1238


ipvsadm -A -f 1238 -s wlc -p 900

ipvsadm -a -f 1238 -r 192.168.20.11:0 -m -w 5 # daemon instance 1listening on 1237 - 1239ipvsadm -a -f 1238 -r 192.168.20.12:0 -m -w 5 # daemon instance 2listening on 1237 - 1239


However I would prefer to keep down the number of IPs I need to failover.


Any suggestions ?

Nick

<Prev in Thread]	Current Thread	[Next in Thread>
port translation in lvs, Ryan Leathers Re: port translation in lvs, Joseph Mack Port translation and FWMARK, nick garratt <= Re: Port translation and FWMARK, Joseph Mack RE: port translation in lvs, Francois JEANMOUGIN Re: port translation in lvs, Joseph Mack Re: port translation in lvs, Ryan Leathers Re: ipvsadm and keepalived, Arnar Gestsson port translation in lvs, Ryan Leathers Re: port translation in lvs, Joseph Mack RE: port translation in lvs, Peter Mueller

Previous by Date:	RE: About TCPSP hung, yangrunhua
Next by Date:	no status information / statistics, Willem de Groot
Previous by Thread:	Re: port translation in lvs, Joseph Mack
Next by Thread:	Re: Port translation and FWMARK, Joseph Mack
Indexes:	[Date] [Thread] [Top] [All Lists]