On Thu, 19 Jan 2006, Judd Bourgeois wrote:
> Hi,
> I have a question that is sort of answered in FAQ 4.18,
> but there's a lot of information there and it seems more
> complex than necessary,

it's what happens when you do the documentation in your
spare time for free I'm afraid. I used to have an
enlightened employer that regarded my LVS work as beneficial
to the world, and so I got to test everything before putting
it in the HOWTO. My current employer only thinks about the
hours that they can bill for my time, so now I just monitor
the list and splice in posts that seem to be reasonable.

> I am running LVS-NAT, where the director VIP and all RIPs
> are on the same physical segment (as in 4.11). The setup
> mostly works fine for external clients, but some of my web
> sites proxy to "themselves" within a page (proxy, PRPC,
> includes, etc.) This is, I believe, the exact scenario
> described in FAQ 4.18, and the symptom is that the proxy
> functionality breaks. The real server does a DNS lookup
> for the remote site, gets back the VIP, and hangs waiting
> for a response.

yes

> Previously I solved this problem by putting the site names
> and 127.0.0.1 in /etc/hosts (as in 4.18.1 and 12.12.4),

the route to getting all the info you need is quite
torturous I'll be the first to agree.

> but after reading the FAQ more carefully tonight, I solved
> it by simply adding the VIP as a dummy interface on all of
> the real servers.

and the httpd on the realservers is listening to the VIP on
dummy0 as well?
You've stopped the VIP on dummy0 from replying to arp
requests?

> This appears to be addressed in 4.18.3, but there's an
> extra iptables command to be run on the director. Is this
> really necessary?

I could spend some time figuring this out, and even then
it would only be my opinion, so instead...
Graeme,
Do you have an opinion on the matter?

> Won't any packets originating on the real servers and
> destined for the VIP be handled by the dummy interface on
> the real server, without being put on the wire?
> It all appears to work fine and has the added nice effect
> of forcing each real server to proxy to itself when
> necessary, so I'm just looking for a confirmation that I'm
> doing this right.

I'm not the one to ask :-) We usually accept the computer's
opinion on the matter. If there's any conflict between
humans and the computer, we defer to the computer. So I'd
say you've got it right.
This sounds a neat trick. I'll wait for Graeme's reply
before updating the HOWTO.
Thanks for the update
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!