|
El lun, 05 de jul de 2004, a las 12:53, Roberto Nibali escribio:
> Hi,
>
> > It is the director
> > ---------------------------------------------
> >External client ---> IPVS:443 --> Local:443 ---> IPVS:80 ---> RealServer
>
> Why do you need this? Seems like a replication of mod_proxy/mod_rewrite.
We are using it like ssl accelerator. The first ipvs (443) sends the
request to localhost:443 or to a different director, and the second
ipvs(80), distrib the traffic in the realservers.
It is the Director1
---------------------------------------------
Ext. client --> IPVS:443 --> Local:443 --> IPVS:80 --> RealServer1
|-> Director2:443 |-> RealServer2
In the first case, it is a scheme "external machine client+director",
but in the second case it is a "client+director in the same machine".
>
> >The problem happens when Local:443 go to localIPVS:80, because the
> >packet is discarted by the next lines in ip_vs_core.c:
> >
> >if (skb->pkt_type != PACKET_HOST) || skb->dev == &loopback_dev) {
> > IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d
> > ignored\n",
> > skb->pkt_type,
> > iph->protocol,
> > NIPQUAD(iph->daddr));
> > return NF_ACCEPT;
> >}
>
> Your patch obviously makes it work but I wonder if such a functionality
> is really needed. Any pointers to a previously held discussion on this
> subject, please?
This part of the patch only solves the output packet, the return is
handled by the second part of the patch. (what is really a bad hack)
The only previous info what i found, was in the url what i posted.
Regards,
Carlos.
--
___ _ \ | / Consulting
| . |._ _ _| | ___ ___ ___ http://www.andago.com
| || ' |/ . |<_> |/ . |/ . \__ GNU/Linux
|_|_||_|_|\___|<___|\_. |\___/ _ \ __|\ \ /
Carlos A. Lozano <___'/ | \ -_) __/\__ \ > < -_)
[ carlos.lozano@xxxxxxxxxx ]\___|_| ____/ _/\_\___|
[ calb@xxxxxxxxx ] http://www.ePSXe.com
|
