hello list,
first thing I say: "thanks for all your work"!
we have used lvs (piranha) for several years now, and it works perfectly.
"IP Virtual Server version 1.0.11"
our problem at the moment is that we are switching from name-based apache
configuration to ip-based configuration for several secure/ssl certificates
(apache works fine if we talk directly to the RS
172.17.199.99/255.255.0.0/eth0 certificate 1
172.17.199.199/255.255.0.0/eth1 certificate 2
the same for http)
short description of our network:
-------------------
cisco/pix firewall
nat to VIP
-------------------
|
cisco/catalyst
|
-------------
lvs/piranha
LVS-DR
VIP(172.17.200.xxx/255.255.0.0)
redhat/kernel 2.4.26
-------------
|
cisco/catalyst
|
------------------------------
RS1/apache/tomcat/jboss
RS2/apache/tomcat/jboss
RS3/apache/tomcat/jboss
RS4/apache/tomcat/jboss
2.6.11-gentoo-r9
RIP1(172.17.99.xxx/255.255.0.0/eth0)
RIP2(172.17.199.xxx/255.255.0.0/eth1)
/sbin/iptables -t nat -A PREROUTING -p tcp -d 172.17.200.xxx -j REDIRECT
------------------------------
PROBLEM:
we did a test(LVS-DR) with two
VIPs:
VIP1 172.17.200:50:80 -> 172.17.199.99:80/RStest eth0
VIP2 172.17.200:51:80 -> 172.17.199.199:80/RStest eth1
since we use two nics on the real server, all responses
coming back from the real server are from the same apache,
e.g. server1 (172.17.199.99:80), no matter which VIP we are using.
what did we miss, some routing on the real servers?
any hints welcome.
if you need more data about our networks, nics, switches... just say what
you like to know ;)
cheers
lothar