Greetings,

I have a similar setup and got around this by setting the default
route on the real server to a system that would route back out through
the LVS NAT server.

VIP: 192.168.1.100
LVS NAT: 192.168.1.254
Real Servers: 10.1.0.x
Real Server GW: 10.1.0.254
Client: 172.168.1.x

Client connects to the VIP, which translates the address, using LVS,
to the real servers. The real servers respond and send their outbound
traffic to the GW, which routes it out through the LVS NAT. A very
simplified way of doing it would be:

VIP: 192.168.1.100
LVS NAT: 10.1.0.254
LVS NAT GW: 192.168.1.254
Real Servers: 10.1.0.x
Real Server GW: 10.1.0.254

-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott J.
Henson
Sent: Monday, July 18, 2005 1:21 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Using ip_vs on different subnets

I've been trying to get this working and I think I've come to the
conclusion that it's impossible, but I'm wondering if anyone has an idea.
Basically I'm trying to get ip_vs to use a real server that is on a
different subnet from what the vip is on. Here is my setup.

VIP: 192.168.1.100
Real Server: 192.168.2.100
Client: 192.168.1.101

I've tried tun, dr, and nat, but all seem to have a problem with them.

With dr, the director can't route to the real server and from the
tcpdump output, the real server is never getting the packet.

With tun, I can get a packet from the client, to the vip, to the real
server, but when the packet leaves the real server it never gets back to
the client. I'm guessing that's because the router is dropping the packet
with an internal ip address (the vip) coming in on the external link. The
client never sees the packet returning.

With nat, I can get the entire loop, from the client to the vip to the
real server to the client. The packet though, never goes back through
the director. This is obvious because the default route of the real
server is supposed to be the director, but I can't do that because they
are on different subnets. So the packet returns to the client with a
source ip address of the real server instead of the vip. This means the
client rejects the packet. So that one is out as well.

Is this what is supposed to be happening? Is there a way to have the
vip and real server on different subnets like I have above? Normally we
use dr with a redirects rule on the real servers on the same subnet and
that has been working great, but we have need of putting real servers on
a different subnet.

Any help would be appreciated. Thanks.
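
Added example, not part of the original thread or of LVS itself: a small Python model of the LVS-NAT return path that traces the real server's reply hop by hop and reports which source address the client ends up seeing, for the original poster's layout and for the simplified layout in the reply. The router addresses 192.168.1.1 and 192.168.2.1, the real server 10.1.0.10, the client 172.168.1.50 and the node names are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), gw) for c, gw in routes
            if dst in ipaddress.ip_network(c)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def source_seen_by_client(nodes, rip, client_ip, vip, director="director"):
    """Walk the real server's reply hop by hop and return the source address
    the client receives. Only the director rewrites RIP back to the VIP."""
    node = next(n for n, d in nodes.items() if rip in d["addrs"])
    src = rip
    for _ in range(16):                      # hop limit guards against loops
        if node == director:
            src = vip                        # LVS-NAT reverse translation
        gw = next_hop(nodes[node]["routes"], client_ip)
        if gw is None:                       # client is on-link: delivered
            return src
        node = next(n for n, d in nodes.items() if gw in d["addrs"])
    raise RuntimeError("routing loop")

# Original post: real server's default route is a plain router (constructed
# addresses 192.168.1.1 / 192.168.2.1), so the reply bypasses the director.
SPLIT = {
    "rs": {"addrs": {"192.168.2.100"},
           "routes": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]},
    "router": {"addrs": {"192.168.1.1", "192.168.2.1"},
               "routes": [("192.168.1.0/24", None), ("192.168.2.0/24", None)]},
    "director": {"addrs": {"192.168.1.100"},
                 "routes": [("192.168.1.0/24", None)]},
}
# Reply's simplified layout: the director owns 10.1.0.254, the real server's
# gateway. 10.1.0.10 and the on-link upstream hop are constructed.
FIXED = {
    "rs": {"addrs": {"10.1.0.10"},
           "routes": [("10.1.0.0/24", None), ("0.0.0.0/0", "10.1.0.254")]},
    "director": {"addrs": {"10.1.0.254", "192.168.1.100"},
                 "routes": [("10.1.0.0/24", None), ("0.0.0.0/0", "192.168.1.254")]},
    "upstream": {"addrs": {"192.168.1.254"}, "routes": [("0.0.0.0/0", None)]},
}

if __name__ == "__main__":
    print(source_seen_by_client(SPLIT, "192.168.2.100", "192.168.1.101", "192.168.1.100"))
    print(source_seen_by_client(FIXED, "10.1.0.10", "172.168.1.50", "192.168.1.100"))
```

A result other than the VIP means the reply never crossed the director, which is the case where the client drops the packet.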