> Hello,
> I am having problems with LVS-NAT and iptables running on the same
> director. For some reason iptables rules that do static NAT for traffic
> originating from a real server quit working after some time.

Could you be a little more specific on "quit working after some time",
please? I'm referring to (but not exclusively): kernel version, iptables
version, your rules, your setup, dmesg, tcpdump traces on both director
interfaces for one connection attempt, ...

> One thought that came to mind is to give real servers real IP address
> space. This would eliminate the need to NAT connections originating from
> the real servers; instead just plain routing is needed on the director.

Correct.

> One problem remains that now I need a floating address on both sides of

Apologies for my ignorance but what is a "floating address"? Do you mean
a routeable/public address/IP?

> the director, the original floating address used by the real servers as
> default gateway and a floating address on the external side of the
> director to route traffic for the real server network to. How can I do
> this?

You don't need routeable IP addresses inside the LVS collision domain
(read: the physical network consisting of the LVS' internal interface
and all connected RSs), you can overlay as many public address spaces on
top of a private one as you want. Plus keep in mind that for LVS-DR the
director is not the DGW anymore.

This is a preferred solution anyway, as you can do locally based health
checks over a private network but route "real" traffic over a virtual
routeable network which is overlaid. It's a matter of setting up your
FIB correctly on the director and the RS.
Best regards,
Roberto Nibali, ratz
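The following script is an added example and is not part of the thread or of the LVS project; it sketches the layout the reply describes (a private prefix for health checks with a routeable prefix overlaid on the same internal wire, so real-server-originated traffic is routed rather than SNATed) and contrasts it with the stateful SNAT rule the original setup relied on. All addresses are constructed placeholders from the RFC 5737 documentation ranges, the interface names eth0/eth1 are assumed, and the upstream router is assumed to route 192.0.2.0/24 to the director's uplink address. It prints the commands by default (DRY_RUN=1) so it can be reviewed before anything is applied as root.

```shell
#!/bin/sh
# Added example (not from the thread): director and real-server (RS) addressing
# for an LVS-NAT setup where a public prefix is overlaid on the private RS LAN.
# All addresses are constructed placeholders; eth0/eth1 are assumed names.
set -u

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"

EXT_IF=eth0                 # director uplink
INT_IF=eth1                 # director side facing the RSs
EXT_ADDR=198.51.100.2/24    # director's own uplink address
EXT_GW=198.51.100.1         # upstream router (must route 192.0.2.0/24 to 198.51.100.2)
VIP=198.51.100.10           # service address clients connect to
PRIV_NET=10.0.0.0/24        # private collision domain: health checks live here
DIR_PRIV=10.0.0.1/24        # director on the private prefix
DIR_PUB=192.0.2.1/24        # director on the overlaid routeable prefix (RS default gateway)
RS_PRIV=10.0.0.10           # one RS, private address
RS_PUB=192.0.2.10           # same RS, overlaid public address on the same NIC

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Original approach (for contrast): RSs keep private addresses only, so every
# RS-originated connection depends on a stateful SNAT rule and its conntrack entry.
snat_variant() {
    run iptables -t nat -A POSTROUTING -s "$PRIV_NET" -o "$EXT_IF" \
        -j SNAT --to-source 198.51.100.2
}

# Suggested approach, director side: both prefixes share $INT_IF. The public
# prefix is simply forwarded, so no NAT table entry is needed for RS-originated
# traffic; LVS-NAT (-m) still rewrites client->VIP traffic towards the RS.
director_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip addr add "$EXT_ADDR" dev "$EXT_IF"
    run ip route add default via "$EXT_GW"
    run ip addr add "$DIR_PRIV" dev "$INT_IF"     # health checks use this side
    run ip addr add "$DIR_PUB" dev "$INT_IF"      # overlaid public side
    run ipvsadm -A -t "$VIP:80" -s rr
    run ipvsadm -a -t "$VIP:80" -r "$RS_PUB:80" -m
}

# Suggested approach, RS side: private and public address on one interface,
# default route via the director's public-side address with the public address
# as source so outbound traffic is already routeable when it leaves the RS.
# (For LVS-DR the director would not be the default gateway; this is LVS-NAT.)
rs_setup() {
    run ip addr add "$RS_PRIV/24" dev eth0
    run ip addr add "$RS_PUB/24" dev eth0
    run ip route add default via 192.0.2.1 src "$RS_PUB"
}

# Count how many NAT-table rules a given setup emits; the routed layout needs none.
nat_rule_count() {
    "$1" | grep -c '^iptables -t nat'
}

if [ "${1:-}" = "show" ]; then
    echo "# director:"; director_setup
    echo "# real server:"; rs_setup
fi
```

Run with `sh overlay.sh show` to review the command list; the health checker on the director should address the RS as 10.0.0.10 while ipvsadm forwards to 192.0.2.10.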