|
Hi,
I have a question that is sort of answered in FAQ 4.18, but there's a lot of
information there and it seems more complex than necessary, so I'm hoping
someone can clarify it.
I am running LVS-NAT, where the director VIP and all RIPs are on the same
physical segment (as in 4.11). The setup mostly works fine for external
clients, but some of my web sites proxy to "themselves" within a page
(proxy, PRPC, includes, etc.) This is, I believe, the exact scenario
described in FAQ 4.18, and the symptom is that the proxy functionality
breaks. The real server does a DNS lookup for the remote site, gets back
the VIP, and hangs waiting for a response.
Previously I solved this problem by putting the site names and 127.0.0.1 in
/etc/hosts (as in 4.18.1 and 12.12.4), but after reading the FAQ more
carefully tonight, I solved it by simply adding the VIP as a dummy interface
on all of the real servers. This appears to be addressed in 4.18.3, but
there's an extra iptables command to be run on the director. Is this really
necessary? Won't any packets originating on the real servers and destined
for the VIP be handled by the dummy interface on the real server, without
being put on the wire?
It all appears to work fine and has the added nice effect of forcing each
real server to proxy to itself when necessary, so I'm just looking for a
confirmation that I'm doing this right.
Thanks-
J
|
