On Thu, 13 Jul 2006, Graeme Fowler wrote:
> If you're doing your setup "by hand" using ipvsadm, then you'll do something
> like the following (but see the note below):
>
> ipvsadm -A -t $VIP:80
> ipvsadm -a -t $VIP:80 -r $RIP:81 -m -w $WEIGHT
>
> ...and so on for your other virtual servers. Other options may apply, and
> because it's fairly late I may have dropped a howler with the others, but you
> get the idea I'm sure :)
>
> Here's the note mentioned above: as far as I am aware, you can likely only do
> this in an LVS NAT (masquerading) system. In DR or TUN (gatewaying or ipip
> encapsulation respectively), the replies go directly (in the majority of cases)
> from the realserver to the client, so if you wanted to reply from a different
> port your TCP three-way handshake won't work.
If using LVS-DR you could do something like this on the real servers:
iptables -t nat -A PREROUTING -p tcp -d $VIP --dport 80 -j REDIRECT --to-port 81
Packets coming from the director to $VIP:80 will be redirected to $RIP:81.
Bind the web server to $RIP:81 and you don't even need to configure the VIP on
the real server.
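
Added example, not part of the original message: a toy Python model of the header rewriting discussed in this thread, showing which SYN-ACK the client sees under LVS-NAT, under LVS-DR when the service answers from port 81 unmapped, and under LVS-DR with the REDIRECT rule. The addresses, the client port and the function names are constructed for illustration; only the IP/port rewriting is modelled, not real packet handling.

```python
from collections import namedtuple

# Toy model of header rewriting only; addresses are constructed examples.
Pkt = namedtuple("Pkt", "src sport dst dport")
CLIENT, CPORT = "198.51.100.7", 40000
VIP, RIP = "203.0.113.10", "10.0.0.2"

def reply(p):
    """Answer a packet by swapping its source and destination."""
    return Pkt(p.dst, p.dport, p.src, p.sport)

def syn_ack_at_client(mode, redirect=False):
    """Return the SYN-ACK as the client sees it for a SYN sent to VIP:80."""
    syn = Pkt(CLIENT, CPORT, VIP, 80)
    if mode == "nat":
        # Director rewrites VIP:80 -> RIP:81 and remembers the mapping.
        ans = reply(syn._replace(dst=RIP, dport=81))
        # The reply routes back through the director, which undoes the mapping.
        return ans._replace(src=VIP, sport=80)
    if mode == "dr" and redirect:
        # Director forwards the frame with the IP/TCP headers untouched.
        # REDIRECT on the real server maps VIP:80 -> RIP:81 in conntrack.
        ans = reply(syn._replace(dst=RIP, dport=81))
        # conntrack reverses the mapping before the reply leaves the real
        # server, so it goes straight to the client as VIP:80.
        return ans._replace(src=syn.dst, sport=syn.dport)
    if mode == "dr":
        # Case the quoted note warns about: the service answers from port 81
        # and nothing on the direct return path maps it back to port 80.
        return reply(syn._replace(dport=81))
    raise ValueError(mode)

def client_accepts(pkt):
    """A client matches a reply to its connection by the exact 4-tuple."""
    return pkt == Pkt(VIP, 80, CLIENT, CPORT)

if __name__ == "__main__":
    for mode, redir in (("nat", False), ("dr", False), ("dr", True)):
        p = syn_ack_at_client(mode, redir)
        print(mode, "redirect" if redir else "plain", p, client_accepts(p))
```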