
Re: LVS-NAT: realserver as client (new thread, same subject!)

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT: realserver as client (new thread, same subject!)
From: Bryan Berg <bryan@xxxxxxxxx>
Date: Fri, 11 Feb 2005 12:18:00 -0800

Ed Fisher wrote:
> Graeme Fowler wrote:
>> 4. "Internal" VIPs.
>>
>> This one just came to me so please feel free to try it, I'm away from my development lab and it might prove to be a complete lemon anyway!
>>
>> Here's the idea: on the director, for every "external" VIP configuration which faces the clients (say VIP1) another VIP - iVIP1 - is also configured with identical realservers but attached to the _internal_ interface. The principal difference is that this VIP uses LVS-DR, because - for obvious reasons - the realservers can respond directly to each other. The only complicated bit is setting up a netfilter rule to do DNAT as the packets arrive - trap all packets destined for VIP1 and DNAT them to iVIP1. Ensure iVIP1 is a loopback alias on your realservers as per normal DR configuration, and in theory at least the realservers should then be able to talk to each other as clients of a VIP.
>
> I considered this too. The problem is that, in DR, when a realserver talks to its own VIP it goes over the loopback alias, rather than actually to the director and back.
>
> So the effect is the same as doing an iptables rule on the local machine mapping the VIP to localhost...

As you said, worst case, it's only as good as method #2 (Jacob Rief's DNAT method). Best case, though, is different: this method addresses the scenario in which you're running multiple VIPs where every realserver isn't bound to every VIP. This was one of Graeme's main reasons why just DNAT'ing on the realservers wasn't the best way to go. This solution should address that scenario.

-Bryan
