LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: Is this possible?

from [Roberto Nibali] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Is this possible?
From: Roberto Nibali <ratz@xxxxxx>
Date: Fri, 22 Oct 2004 08:13:39 +0200 
Hello,


I'm trying to get LVS to work in a different configuration than I normally
do and I'm running into some problems.  Here is the setup:


What kind of problems?


Clients
    |
Hit external address
----------Firewall----------
NATS the external address to 172.27.82.4
So you do a port translation for the VIP. All outgoing traffic from here will be having the srcIP of your firewall unless you use transparent proxying. This might yield severe load imbalance. 


Director - IP:172.27.82.3
         - VIP:172.27.82.4

----------Firewall----------
Is this firewall bridging two collision domains? ITIM: Do, loosly speaking, 172.27.0.0/?? and 172.20.0.0/?? express two different physical networks? If so, what kind for LVS forwarding method did you choose? ("Almost") Only LVS_TUN will work in a network topology like that. You could technically use LVS_NAT, however this would be a rather strange setup. If I may be so impolite as to mention your placing of the second firewall is rather found wanting. 


Real Server 1 - IP:172.20.6.12
Real Server 2 - IP:172.20.6.13

I normally use LVS in a single network setup so this is new to me.  Am I
going about this the wrong way?  Is this even possible  All of the
documentation I've looked through doesn't seem to apply to my configuration.
Check out the documentation on LVS_TUN, if you need to load balance across collision domains, within private addressable IP ranges. 


CONFIDENTIALITY NOTICE:  The information in this e-mail is privileged and
confidential.  Any use, copying or dissemination of any portion of this
e-mail by or to anyone other than the intended recipient(s) is unauthorized.
If you have received this e-mail in error, please reply to sender and delete
it from your system immediately.


This statement reminds me of a mixture of Moebius and M.C. Escher ... [1]

[1] http://www.mcescher.com/Gallery/recogn-bmp/LW408.jpg

Best regards,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Is this possible?, Bishop, Cass
Next by Date:  RE: Is this possible?, Ryan Leathers
Previous by Thread:  Is this possible?, Bishop, Cass
Next by Thread:  Re: Is this possible?, Joseph Mack
Indexes:  [Date] [Thread] [Top] [All Lists]