Joseph Mack NA3T wrote:
> On Wed, 20 Jul 2005, Scott J. Henson wrote:
>> As far as I can tell there is no way to do this.
> it's the default in LVS. We've been doing it for years
Are you using dr, nat, or tun? As far as I can tell none of them work
in the configuration. I think the difference is that the real server
can direct route back to the client in all cases. This means that nat
won't work because the packet goes back to the client instead of the
director.
In dr and tun, the real server tries to send a packet back to the client
with a src address of the VIP. This is normal, except in our case the
routers along the way notice that the real server is trying to spoof the
VIP and they drop the packet. This is especially true when the client is
on the same network as the VIP. In that case the routers for that
subnet see a packet with a src address that is internal coming in on the
external interface and drop it as a spoofed packet (as they should).
So I still don't see how this configuration would work. I can see how
it would work if the RIP was on a private (non-routable) subnet, but in
our case it's not. If this is supposed to work I would love to hear it
cause it would make my life much simpler. I'm just trying to confirm
that this is a limitation in ip_vs and not a misconfiguration on my
part. Thanks.
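
The anti-spoofing drop described in the message above can be modelled as a strict reverse-path check on each router along the reply path. This is an added example, not part of the original thread; the addresses, router names and interface names are constructed assumptions.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the thread.
VIP = "192.0.2.10"      # virtual IP on the director's subnet
CLIENT = "192.0.2.50"   # client on the same network as the VIP
RIP = "198.51.100.20"   # real server on a different, routable subnet

class Router:
    """Router that applies a strict reverse-path (ingress) filter."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(p), iface) for p, iface in routes]

    def route_iface(self, addr):
        """Longest-prefix match: the interface this router uses to reach addr."""
        ip = ipaddress.ip_address(addr)
        hits = [(net, iface) for net, iface in self.routes if ip in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def accepts(self, src, in_iface):
        """Accept only if the route back to src leaves via the arrival interface."""
        return self.route_iface(src) == in_iface

def droppers(src, path):
    """Names of routers on the path whose filter rejects a packet with this source."""
    return [r.name for r, in_iface in path if not r.accepts(src, in_iface)]

# Hypothetical topology: each gateway has its own subnet on "lan" and a default route.
rs_gw = Router("rs-gw", [("198.51.100.0/24", "lan"), ("0.0.0.0/0", "uplink")])
vip_gw = Router("vip-gw", [("192.0.2.0/24", "lan"), ("0.0.0.0/0", "uplink")])

# A reply from the real server to CLIENT enters rs-gw on its LAN side and
# reaches vip-gw on its external (uplink) side.
REPLY_PATH = [(rs_gw, "lan"), (vip_gw, "uplink")]

def simulate():
    return {
        # LVS-DR / LVS-TUN: the real server answers with the VIP as source.
        "reply_src_vip": droppers(VIP, REPLY_PATH),
        # Contrast: a packet sourced from the real server's own address.
        "reply_src_rip": droppers(RIP, REPLY_PATH),
    }

if __name__ == "__main__":
    for case, dropped_by in simulate().items():
        print(case, "dropped by:", dropped_by or "nobody")
```

In this model the VIP-sourced reply is rejected both at the real server's gateway and at the VIP subnet's router, while the RIP-sourced packet passes both filters.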