On Thursday 23 June 2005 02:02, Mack.Joseph@xxxxxxxxxxxxxxx wrote:
> Joseph Mack PhD, High Performance Computing & Scientific Visualisation
> LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
> Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx,
> Federal Visualization Contact - Joe Retzer, Ph.D. 919-541-4190 -
> retzer.joseph@xxxxxxx
>
> lvs-users-bounces+mack.joseph=epamail.epa.gov@xxxxxxxxxxxxxxxxxxxxxx
>
> wrote on 06/22/2005 03:55:44 PM:
> > i am still not sure
> > how the LVS system intercepts those packets because the
> > packets have dst-IP other than that of the LVS server.
>
> I'm not sure how people are handling squids nowadays.
> It was the first big use of LVS.
> I'd expect you'd fwmark all packets to port 80 at the director
> and then loadbalance on the fwmark.
OK, now I am using fwmark and I seem to be getting on track, but I am not
there yet. There are lots of things I tried out which I would like to share
with you all.
My problem is exactly the same as what this user
http://www.in-addr.de/pipermail/lvs-users/2002-March/005097.html is trying to
do. But it seems he could not do it either.
My new setup is like this:
          <cisco router>
          202.79.63.230 -----------
                |                 |
                |                 |
                |                 |
                |                 |
        eth0 202.79.63.240        |
          <Lvs server>            |
        eth1 192.168.10.1         |
                |                 |
                |                 |
                |                 |
                |                 |
        fxp0 192.168.10.10        |
          <real server>           |
        fxp1 202.79.63.241        |
                |                 |
                |_________________|
Lvs Server is Gentoo with Kernel 2.6.12 and ipvsadm v1.24
>>> On LVS
#ipvsadm -A -f 2
#ipvsadm -a -f 2 -r 192.168.10.10
(also tried with ipvsadm -a -f 2 -r 202.79.63.241)
#iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
>>>
Real server is on FreeBSD 5.3 with Trans proxy configured. This was tested by
redirecting HTTP traffic from the Cisco router to the Real server directly. This
means there is no TP configuration issue in the Real Server.
I noticed that the LVS started forwarding packets to the Real Server only after
I added this rule on the LVS server:
#iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
Tcpdump analysis showed that the LVS system changes the Destination IP to the VIP
when redirecting traffic to the Real Server. And the Real Server replies back
with the VIP address in its source. For that reason I added another interface
in the Real server and routed return traffic to the client via the new interface.
"The reply packet can get to the Client but it doesn't work since the client
is getting the reply from a different server than the one to which it sent its
request"
If the LVS server changes the Source IP of the return packet to that of the host
to which the client sent its request then TP should work.
>
> > # iptables -nL -t nat
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> > MASQUERADE all -- 192.168.10.0/24 0.0.0.0/0
>
> why do you do this? You don't need an iptables rules to make
> an LVS work.
>
> Joe