
RE: VLAN with LVS-DR

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: VLAN with LVS-DR
From: "Francois JEANMOUGIN" <Francois.JEANMOUGIN@xxxxxxxxxxxxxxxxx>
Date: Tue, 22 Nov 2005 11:36:25 +0100
 

> I have to test it this week, to try to free the public address of my
> realservers.

Here is a working setup; it can be called "freeing the public IPs from your
realservers".
(Hopefully the drawings will survive Outlook bullshit)...

First, a reminder: here is a standard LVS-DR setup (from the HOWTO):

                        ________
                       |        |
                       | client |
                       |________|
                       CIP=192.168.1.254
                           |
                        (router)
                           |
                 VIP=192.168.1.110 (eth0, arps)
                      __________
                     |          |
                     | director |
                     |__________|
                     DIP=10.1.1.1 (eth1, arps)
                           |
                           |
          -------------------------------------
          |                |                  |
          |                |                  |
   RIP1=10.1.1.2     RIP2=10.1.1.3     RIP3=10.1.1.4 (eth0)
   VIP=192.168.1.110 VIP=192.168.1.110 VIP=192.168.1.110 (all lo:0, can arp)
   _____________     _____________      _____________
  |             |   |             |    |             |
  | realserver  |   | realserver  |    | realserver  |
  |_____________|   |_____________|    |_____________|
          |                |                  |
      (router)          (router)           (router)
          |                |                  |
          ----------------------------------------------> to client



If I try to simplify the flows and add the routing networks:


                        ________
                       |        |
                       | client |
                       |________|                   
                       CIP=On internet
                           |
                   Router IP On internet (ethY)
                      _____|____
                     |          |
                     | router fw|
                     |__________|
                  IP=111.111.111.1 ethX
                          |
                    (Public addresses)
                          |-----------------------------<
                  VIP=111.111.111.XYZ                   |
                      ____|______                       |               
                     |          |                       |      
                     | director |                       |           
                     |__________|                       |
                     DIP=10.1.1.1 (eth1, arps)          |
                           |                            |
                           |                            |
                  ----------                            |
                 |                                      |
           RIP1=10.1.1.2  (eth0)                        |
         VIP=111.111.111.XYZ (lo:1)                     |
            _____________                               |
           |             |                              |
           | realserver  |                              |
           |_____________|                              |
               |                                        |
          IP=111.111.111.OQP (eth1)                     |
               |                                        |
               -----------------------------------------^  

So, for each realserver in the public DMZ, I have to use a public IP
(111.111.111.OQP).
A bad and expensive solution.

Now, if I use a (false[1]) VLAN, the setup becomes:

                        ________
                       |        |
                       | client |
                       |________|                   
                       CIP=On internet
                           |
                   Router IP On internet (ethY)
                      _____|____
                     |          |
                     | router fw|
                     |__________|
                  IP1=111.111.111.1 ethX
                        IP2=172.27.0.1 ethX
                          |
                    (Public addresses network + VLAN)
                          |-----------------------------<
                  VIP=111.111.111.XYZ                   |
                      ____|______                       |               
                     |          |                       |      
                     | director |                       |           
                     |__________|                       |
                     DIP=10.1.1.1 (eth1, arps)          |
                           |                            |
                           |                            |
                  ----------                            |
                 |                                      |
           RIP1=10.1.1.2 eth0                           |
         VIP=111.111.111.XYZ lo:1                       |
            _____________                               |
           |             |                              |
           | realserver  |                              |
           |_____________|                              |
               |                                        |
          IP=172.27.0.2 eth1                            |
               |                                        |
               -----------------------------------------^  


Of course it works; it does not need any configuration on the FW, because
the packets look like this (captured outgoing packets on eth1 on the
realserver):
10:49:24.388786 111.111.111.XYZ.80 > 212.156.233.137.11911: . ack 313 win 6432 (DF)
10:49:24.400288 111.111.111.XYZ.80 > 212.156.233.137.11911: P 1:351(350) ack 313 win 6432 (DF)
10:49:24.450543 111.111.111.XYZ.80 > 212.156.233.137.11912: . ack 455 win 6432 (DF)
10:49:24.462076 111.111.111.XYZ.80 > 212.156.233.137.11912: P 1:475(474) ack 455 win 6432 (DF)

So, the packets are simply routed. Pure routing strategy. I love this setup.

François.

[1] I call it a false one because currently we do not set up any VLAN rules
on our switches.
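The configuration behind the third drawing, as an added example that is not part of the original post or of the LVS project: the realserver carries the VIP on lo, takes client packets from the director on eth0, and sends its replies (sourced from the VIP, exactly as the tcpdump output shows) out eth1 to the firewall's VLAN address, so it needs no public IP of its own. Two points the drawings do not spell out and that bite in practice: the VIP on the realserver must never be answered in ARP (otherwise the router fw delivers client traffic straight to one realserver, bypassing the director), and strict reverse-path filtering on the realserver's eth0 must be off, because requests arrive on eth0 while the route back to the client points out eth1. The placeholders are assumptions: 111.111.111.XYZ is written as 111.111.111.100, the public network and the VLAN are taken as /24s, and the interface names follow the drawings. Commands are printed as a dry run; APPLY=1 executes them as root. Note also that because the VLAN is not enforced on the switches (footnote [1]), every realserver's eth1 sits in the same broadcast domain as the firewall's public side; nothing in this script isolates a compromised realserver from that segment.

```shell
#!/bin/sh
# Added example, not from the original post or the LVS project: realserver and
# director configuration for the "false VLAN" LVS-DR layout in the message.
# Commands are printed as a dry run; run with APPLY=1 as root to execute them.
# Address values are placeholders from the drawings; 111.111.111.XYZ is taken
# as 111.111.111.100 and both the public network and the VLAN as /24 (assumed).

VIP=${VIP:-111.111.111.100}         # public service address (111.111.111.XYZ)
VIP_PREFIX=${VIP_PREFIX:-24}        # size of the public network on the director (assumed)
RIP=${RIP:-10.1.1.2}                # realserver eth0, the address the director sends to
RS_RET_IP=${RS_RET_IP:-172.27.0.2}  # realserver eth1, on the VLAN
RS_RET_GW=${RS_RET_GW:-172.27.0.1}  # firewall's VLAN address, next hop for replies
PORT=${PORT:-80}

run() {
    # Dry run unless APPLY=1.
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

realserver_config() {
    # The VIP lives on lo so the kernel accepts the packets the director hands
    # over at layer 2 with the VIP still as destination. It must not be
    # advertised in ARP: a realserver answering ARP for the VIP would get the
    # client traffic directly from the router fw and bypass the director.
    # The kernel uses the maximum of conf/all and conf/<if> for these two.
    run sysctl -w net.ipv4.conf.all.arp_ignore=1     # answer only for addresses on the receiving interface
    run sysctl -w net.ipv4.conf.all.arp_announce=2   # never use the VIP as ARP sender address
    run ip addr add "$VIP/32" dev lo label lo:1
    # Return path: replies are sourced from the VIP and leave via eth1 towards
    # the firewall, which simply routes them (what the tcpdump output shows).
    run ip addr add "$RS_RET_IP/24" dev eth1
    run ip route replace default via "$RS_RET_GW" dev eth1
    # Requests arrive on eth0 from the director, but the route back to the
    # client points out eth1, so strict reverse-path filtering on eth0 would
    # drop every request. Turn it off on eth0 (conf/all must be 0 too, the
    # effective value is the maximum); keep it strict on eth1. Newer kernels
    # also offer loose mode (value 2) instead of 0.
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    run sysctl -w net.ipv4.conf.eth0.rp_filter=0
    run sysctl -w net.ipv4.conf.eth1.rp_filter=1
}

director_config() {
    # The director owns the VIP on its public interface and does answer ARP.
    run ip addr add "$VIP/$VIP_PREFIX" dev eth0
    # Flush the existing IPVS table, then add the service and the realserver.
    run ipvsadm -C
    run ipvsadm -A -t "$VIP:$PORT" -s wlc
    # -g = gatewaying (direct routing): the frame goes to the realserver's MAC
    # with the destination IP left as the VIP.
    run ipvsadm -a -t "$VIP:$PORT" -r "$RIP" -g
}

case "${1:-all}" in
    realserver) realserver_config ;;
    director)   director_config ;;
    *)  echo "# --- realserver ---"; realserver_config
        echo "# --- director ---";   director_config ;;
esac
```

Run it once on each box (`sh lvs-dr-vlan.sh realserver`, `sh lvs-dr-vlan.sh director`) to review the command list, then again with `APPLY=1` to apply. A quick check that the return path behaves as in the message is `tcpdump -ni eth1 src host 111.111.111.100` on the realserver while a client connects to the VIP.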