Hi.
I'm using LVS-NAT with 2 uplink providers. I'm marking packets
and using keepalived with fwmark. I configured the LVS cluster
via keepalived.
My question is: Is the conntrack information set again on the packets
that come back from the real servers to be routed by the director?
I'm trying to use the mark set by the iptables conntrack module to
select the correct route for the packet returning to the client. But I don't
know how to check if the mark is set. My experiments suggest that
the mark is not set. (For instance, from a given client I can only reach
a given service from one of the IPs the director has, so I guess the route
is being chosen at random and also cached.)
I checked that the packets are reaching the real servers
(ipvsadm shows the active connections).
I found this howto:
http://www.ssi.bg/~ja/nfct/HOWTO.txt
Do I need this ipvs-nfct patch?
It seems it's not applied in the Debian sarge package I'm using.
What should I read?
How can I further debug this issue?
Thanks,
Nelson.-
--
Homepage : http://geocities.com/arhuaco
The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.