Interesting Setup?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Interesting Setup?
From: Jacco van Koll <jko@xxxxxxxxxxxxxx>
Date: Sat, 06 Aug 2005 12:36:00 +0200
Hello all,

Whilst playing with a Linux Virtual Server setup, I ran into some problems. I use the following setup:

I have 3 boxes, which are all connected to the public network, but also to a private segment.


Like this:
---------------------------------------------------- public net (82.94.229.128/25)
        |                   |                   |
        |             loadbalancer              |
        |                  /\                   |
        |                 /  \                  |
        |                /    \                 |
        |               /      \                |
    server 1 - - - - - -        - - - - - - server 2

The connections between the loadbalancer and the real servers are done by a VLAN part on a switch, with 172.16.125.0/24 addresses.

I would like to have the following setup:

1. All web traffic (http/https) must be handled by the loadbalancer
2. All ssh traffic must be performed directly to the real servers
3. Optionally, I must have the possibility of handling certain protocols on the real servers, like DNS, or, if there is the need, on the loadbalancer (like POP3, for example).

Whenever I add the default route on the real servers to the 82.94.229.129 gateway, nothing happens when connecting to the loadbalancer port 80. When I change the default route to the private IP on the loadbalancer, it works, but the real servers cannot be reached through ssh.

I have been fighting this issue for about a month now, and have tried all the info I found with search engines, howtos and mailing lists, and I am still puzzled. Can anyone help me out here?

The following script is now running on the loadbalancer:

#!/bin/bash
#
# From the LVS site:
# To make the load balancer forward the masquerading packets
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ipchains -A forward -j MASQ -s 172.16.0.0/24 -d 0.0.0.0/0
#
# Add virtual service and link a scheduler to it
#
# ipvsadm -A -t 202.103.106.5:80 -s wlc (Weighted Least-Connection scheduling)
# ipvsadm -A -t 202.103.106.5:21 -s wrr (Weighted Round Robin scheduling)
#
# Add real server and select forwarding method
#
#    ipvsadm -a -t 202.103.106.5:80 -r 172.16.0.2:80 -m
#    ipvsadm -a -t 202.103.106.5:80 -r 172.16.0.3:8000 -m -w 2
#    ipvsadm -a -t 203.103.106.5:21 -r 172.16.0.2:21 -m

PATH="/usr/sbin:/sbin:${PATH}"
export PATH

log() {
    echo "$1"
    test -x "$LOGGER" && $LOGGER -p info "$1"
}

LSMOD=`which lsmod`
MODPROBE=`which modprobe`
IPTABLES=`which iptables`
IP=`which ip`
LOGGER=`which logger`
IPVSADM=`which ipvsadm`

echo -n "Initialized programs: "
echo -n "$LSMOD "
echo -n "$MODPROBE "
echo -n "$IPTABLES "
echo -n "$IP "
echo -n "$LOGGER "
echo -n "$IPVSADM "

if $IP link ls >/dev/null 2>&1; then
    echo
else
    echo "iproute not found"
    exit 1
fi


INTERFACES="eth0 eth1 lo"
for i in $INTERFACES; do
    $IP link show "$i" >/dev/null 2>&1 || {
        log "Interface $i does not exist"
        exit 1
    }
done


# First make the stuff go forward
echo -n "Enable ip forwarding: "
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Done"

# Now make the NAT work (MASQUERADE)
echo -n "Enable Masquerade: "
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 172.16.125.0/24 -j MASQUERADE
echo "Done"

# Now make portforwarding work (DNAT)
echo -n "Enable portforwards (DNAT PORT 81 and 82): "
echo -n "server 1 "
$IPTABLES -t nat -A PREROUTING -p tcp -d 82.94.229.135 --dport 81 -j DNAT --to-destination 172.16.125.2:80
echo -n "server 2 "
$IPTABLES -t nat -A PREROUTING -p tcp -d 82.94.229.135 --dport 82 -j DNAT --to-destination 172.16.125.3:80
echo "Done...."
echo -n "Enable portforwards (DNAT PORT 6001 and 6002): "
echo -n "server 1 "
$IPTABLES -t nat -A PREROUTING -p tcp -d 82.94.229.135 --dport 6001 -j DNAT --to-destination 172.16.125.2:443
echo -n "server 2 "
$IPTABLES -t nat -A PREROUTING -p tcp -d 82.94.229.135 --dport 6002 -j DNAT --to-destination 172.16.125.3:443
echo "Done...."


# Now make the public side know which ports
echo -n "Enable LB Known ports: "
$IPVSADM -A -t 82.94.229.135:80 -s wrr
$IPVSADM -A -t 82.94.229.135:443 -s wrr
echo "Added ports 80 and 443"

# Now make the rules to servers
echo -n "Loadbalancing to servers port 80: "
$IPVSADM -a -t 82.94.229.135:80 -r 172.16.125.2 -m
$IPVSADM -a -t 82.94.229.135:80 -r 172.16.125.3 -m -w 2
echo "Added servers 1 and 2"
echo -n "Loadbalancing to servers port 443: "
$IPVSADM -a -t 82.94.229.135:443 -r 172.16.125.2 -m
$IPVSADM -a -t 82.94.229.135:443 -r 172.16.125.3 -m -w 2
echo "Added servers 1 and 2 both http and https"

--
Regards,

J. van Koll
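
Added example, not part of the original post: LVS-NAT (the -m forwarding used in the script above) only works when a real server's replies go back through the director, while direct ssh to a real server's public address needs replies to leave via 82.94.229.129. One way to get both is source-based policy routing on each real server, sketched below as a dry-run generator. The director's private address 172.16.125.1, the interface name eth1 and routing table number 100 are assumptions, not values from the post.

```shell
#!/bin/bash
# Added example: per-source routing for a real server behind an LVS-NAT director.
# Replies sourced from the private address (balanced traffic) return via the
# director; everything else (e.g. ssh to the public address) uses the public gateway.

PUBLIC_GW="82.94.229.129"                        # from the post
PRIV_NET="172.16.125.0/24"                       # from the post
DIRECTOR_PRIV="${DIRECTOR_PRIV:-172.16.125.1}"   # ASSUMPTION: director's private IP
PRIV_IF="${PRIV_IF:-eth1}"                       # ASSUMPTION: real server's private NIC
TABLE="${TABLE:-100}"                            # ASSUMPTION: free routing table id

# Print the ip(8) commands for one real server; $1 = its private address.
realserver_routes() {
    local rip="$1"
    case "$rip" in
        172.16.125.*) ;;   # must be inside PRIV_NET
        *) echo "error: $rip is not in $PRIV_NET" >&2; return 1 ;;
    esac
    cat <<EOF
ip route replace default via $PUBLIC_GW
ip route replace $PRIV_NET dev $PRIV_IF src $rip table $TABLE
ip route replace default via $DIRECTOR_PRIV dev $PRIV_IF table $TABLE
ip rule add from $rip lookup $TABLE pref 100
EOF
}

# Dry run by default: prints each command prefixed with "+".
# With APPLY=1 (as root, on the real server) the commands are executed.
apply_routes() {
    realserver_routes "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || echo "failed: $cmd" >&2
        else
            echo "+ $cmd"
        fi
    done
}

# Usage: ./realserver-routes.sh 172.16.125.2   (no argument: define functions only)
if [ -n "${1:-}" ]; then
    apply_routes "$1"
fi
```

Running "ip rule add" twice creates a duplicate rule, so check "ip rule show" before re-applying.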

