On Tue, Sep 13, 2005 at 01:46:55PM +0200, mquich wrote:
> Hi!
>
> I'm new to this list, though I've been a reader for a long time.
>
> I'm trying to set up a LVS but I can't get it working. I've read the
> HOWTO's, used tcpdump and I can't get what I want.
>
> My topology is as follows:
>
>              -------------------------
>              |       INTERNET        |
>              -------------------------
>                          |
>              -------------------------
>              |     <DSL router>      |
>              |     192.168.5.10      |
>              -------------------------
>                          |
>              -------------------------
>              |        SWITCH         |
>              -------------------------
>                   |             |
>                   |             |
> -------------------------   -------------------------
> |        <LVS1>         |   |        <LVS2>         |
> |     192.168.5.111     |   |     192.168.5.221     |
> -------------------------   -------------------------
>                   |             |
>                   |             |
>              -------------------------
>              |        SWITCH         |
>              -------------------------
>                          |
>              -------------------------
>              |       <CLIENTS>       |
>              |    192.168.5.0/24     |
>              -------------------------
>
> and my configuration is this:
>
> LVS1
> --------
> IP/MASK: 192.168.5.111/24 (No eth, just br0 -BRIDGE-)
> GW: 192.168.5.10
> DIRECTOR & REALSERVER
> LVS-DR
> SQUID
> IPTABLES:
> iptables -t mangle -A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j MARK --set-mark 80
> iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp -s ! 127.0.0.1 -d ! 127.0.0.1 --dport 80 -j REDIRECT --to-ports 3128
>
> LVS2
> --------
> IP/MASK: 192.168.5.221/24 (No eth, just br0 -BRIDGE-)
> GW: 192.168.5.10
> DIRECTOR & REALSERVER
> LVS-DR
> SQUID
> IPTABLES:
> iptables -t mangle -A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j MARK --set-mark 81
> iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp -s ! 127.0.0.1 -d ! 127.0.0.1 --dport 80 -j REDIRECT --to-ports 3128
>
> CLIENTS
> --------------
> IP/MASK: 192.168.5.0/24 (ethx, just one & no br0 -BRIDGE-)
> GW: 192.168.5.10
>
> Both LVS boxes are transparent to clients, nothing is configured in
> the clients with such IP's, but they are forced to pass through the LVS
> boxes to get outside! So when a client wants a web page from the
> outside world, I want that LVS balances so that one page is got by
> squid on LVS1 and others by squid on LVS2.
>
> I haven't been able to get the ipvsadm commands for this to work as I want :-(
> I've tried "hidden patch" to solve arp problem but I can't get it working.
>
> Anyone could help me?

What does your LVS setup look like?
Are the packets going to LOCAL_IN?
Does enabling /proc/sys/net/ipv4/vs/debug
and monitoring the kernel logs yield anything?
Ref: http://www.vergenet.net/~horms/tmp/nf-lvs.png
--
Horms