One of the things I missed, which was not obvious in the documentation:
Did you bind the virtual IP to the loopback adapters of the real
servers and the load balancers? Also, make sure that the loopback
virtual IP is hidden. The commands to hide it are different for 2.2x, 2.4x
and 2.6x kernels.
On my SuSE 9.2 (2.6x kernel) I do this on the real servers:
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
Mind you, I am doing LVS/DR not the LVS/NAT. But I think it applies
there too.
mquich wrote:
Hi!
I'm new to this list, though I've been a reader for a long time.
I'm trying to set up an LVS but I can't get it working. I've read the
HOWTOs, used tcpdump and I can't get what I want.
My topology is as follows:
              -------------------------
              |       INTERNET        |
              -------------------------
                          |
              -------------------------
              |     <DSL router>      |
              |     192.168.5.10      |
              -------------------------
                          |
              -------------------------
              |        SWITCH         |
              -------------------------
                 |                 |
                 |                 |
-------------------------   -------------------------
|        <LVS1>         |   |        <LVS2>         |
|     192.168.5.111     |   |     192.168.5.221     |
-------------------------   -------------------------
                 |                 |
                 |                 |
              -------------------------
              |        SWITCH         |
              -------------------------
                          |
              -------------------------
              |       <CLIENTS>       |
              |    192.168.5.0/24     |
              -------------------------
and my configuration is this:
LVS1
--------
IP/MASK: 192.168.5.111/24 (No eth, just br0 -BRIDGE-)
GW: 192.168.5.10
DIRECTOR & REALSERVER
LVS-DR
SQUID
IPTABLES:
    iptables -t mangle -A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j MARK --set-mark 80
    iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp -s ! 127.0.0.1 -d ! 127.0.0.1 --dport 80 -j REDIRECT --to-ports 3128
LVS2
--------
IP/MASK: 192.168.5.221/24 (No eth, just br0 -BRIDGE-)
GW: 192.168.5.10
DIRECTOR & REALSERVER
LVS-DR
SQUID
IPTABLES:
    iptables -t mangle -A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j MARK --set-mark 81
    iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp -s ! 127.0.0.1 -d ! 127.0.0.1 --dport 80 -j REDIRECT --to-ports 3128
CLIENTS
--------------
IP/MASK: 192.168.5.0/24 (ethx, just one & no br0 -BRIDGE-)
GW: 192.168.5.10
Both LVS boxes are transparent to clients, nothing is configured in
the clients with such IPs, but they are forced to pass through the LVS
boxes to get outside! So when a client wants a web page from the
outside world, I want LVS to balance so that one page is fetched by
squid on LVS1 and others by squid on LVS2.
I haven't been able to get the ipvsadm commands for this to work as I want :-(
I've tried the "hidden patch" to solve the ARP problem but I can't get it working.
Could anyone help me?
Thanks!!!
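
An added example, not part of the original thread: a POSIX shell check for the ARP-hiding sysctls mentioned in the reply. It uses the kernel's documented rule that the value applied on an interface is the higher of conf/all and conf/<interface>; the function names and the CONF_ROOT variable are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit ARP hiding on an LVS-DR real server (2.6+ kernels).
# CONF_ROOT is an assumption of this sketch; it is overridable so the check
# can also be pointed at a copy of the sysctl tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the value the kernel applies on interface $2 for sysctl $1:
# the maximum of conf/all/<name> and conf/<iface>/<name>.
effective() {
    all=$(cat "$CONF_ROOT/all/$1" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$2/$1" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Return 0 when interface $1 will not answer ARP for a VIP bound to lo
# and will not use that VIP as the source address of its own ARP requests.
arp_hidden() {
    ignore=$(effective arp_ignore "$1")
    announce=$(effective arp_announce "$1")
    echo "$1: effective arp_ignore=$ignore arp_announce=$announce"
    case "$ignore" in
        1|2|8) ;;          # replies limited to addresses on the incoming interface (or none)
        *) return 1 ;;     # 0 and 3 still answer for a global-scope VIP on lo
    esac
    [ "$announce" -eq 2 ]  # 2 = always pick the best local address as ARP source
}

# Audit every interface named on the command line, e.g.: sh arpcheck.sh eth0 br0
for iface in "$@"; do
    arp_hidden "$iface" || echo "  -> VIP on lo is NOT hidden on $iface"
done
```

Run it with the interface that faces the director's network; setting the values only under conf/lo does not change what is applied on that interface, while conf/all does.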