Hello:
I just wanted to know if it's possible to balance packets generated by NATing
them in the box where the ip_vs resides ( DR Mode ).
Yes, it sounds weird. I'll try to explain.
Let's imagine I have a box connected to a router ( or being a router itself ).
This box receives ( injected by the router, or when forwarding if it's a
router ), packets from "clients" boxes to internet port 80. That's an
interception for being a proxy cache
( http://www.squid-cache.org/Doc/FAQ/FAQ-17.html ).
The usual way to be a proxy cache is to:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
( or using DNAT for another computer ).
I just want to REDIRECT it to a Virtual IP this way:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination VirtualIP:3128
Then, I would like to have the ip_vs balancing the VirtualIP:3128 to the real
proxy caches. That's the trivial task.
Currently, the way we use to "inject" packets into that box is by using
WCCPv2, that creates a gre tunnel from the Router ( a Cisco 6509 ) to
the "balancer".
Before you say: well, WCCPv2 is able to balance, it has failover and blah blah
blah.. I have to say, that we couldn't manage to make it balance our caches
without breaking the TCP connections. It doesn't work properly... maybe it's
a buggy IOS ( like the ~99% of Cisco IOS ), maybe not... this is a subject
we're looking into too. For one proxy cache, WCCP works well. When two
caches are registered with WCCP, then the clients get "Connection resets"
when browsing.
I haven't had success with this scenario, so I wanted to know if it's possible
anyway as I have been watching the netfilter relationship to ip_vs and I
don't see it clearly.
Thx a lot for your responses.
Francisco Gimeno
BTW: I need the clients IP in the logs of the proxies, so, I can't use
application-level balancers... just DR.