Hello guys,
OK, just a quick feedback - the datacenter has confirmed they've got a
router check for "IP Spoofing" enabled, which prevents the real server
responses from getting through. I've now ordered 5 servers on the same
physical network, which will then hopefully work. If not, I guess I
could resort to LVS-NAT.

The problem is not the RIPs on the realservers, which can be anything
(presumably belonging to the datacenter's IP range), but the packets
with src_addr=VIP going to 0/0. The datacenter doesn't have the VIP in
its range, it's in your range, but it's coming out of the machines in
their datacenter.

This normally isn't much of a problem anymore in most cases, since our
larger data center providers soon all belong to our major Swiss telco
and thus are within one AS :). The IP Spoofing check most of the time is
of course bogus ... and I just realised that you went for one of those
German providers in Nürnberg who's still got a full B-class network at
its hands.
Since your DGW is back through the E-BGP router of Hetzner in any case I
suggest they should accept your VIP packets. OTOH, they are a rather
large company, so individual requests for router changes might be amiss.

Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
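
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it parses a constructed `ip -o -4 addr show` listing from an LVS-DR realserver and reports which configured source addresses a provider-side source-address filter would drop. The addresses (RFC 5737 documentation ranges), the allowed prefix list and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: `ip -o -4 addr show` output from an LVS-DR realserver.
# RFC 5737 documentation addresses stand in for the real RIP and VIP.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
1: lo    inet 192.0.2.10/32 scope global lo:0\\       valid_lft forever preferred_lft forever
2: eth0    inet 198.51.100.11/24 brd 198.51.100.255 scope global eth0\\       valid_lft forever preferred_lft forever
"""

# Assumption: the prefixes the datacenter's router accepts as source addresses.
PROVIDER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def local_addresses(ip_addr_output):
    """Yield (interface, address) for each IPv4 address in `ip -o -4 addr` output."""
    for line in ip_addr_output.splitlines():
        m = ADDR_RE.match(line)
        if m:
            yield m.group(1), ipaddress.ip_interface(m.group(2)).ip


def spoof_check(ip_addr_output, allowed=PROVIDER_PREFIXES):
    """Classify each configured address the way the provider's source filter would.

    Returns {address: "pass" | "drop"}. Loopback addresses never leave the
    host, so they are skipped.
    """
    verdicts = {}
    for _ifname, addr in local_addresses(ip_addr_output):
        if addr.is_loopback:
            continue
        ok = any(addr in net for net in allowed)
        verdicts[str(addr)] = "pass" if ok else "drop"
    return verdicts


if __name__ == "__main__":
    # The RIP on eth0 passes; the VIP bound to lo:0 is outside the provider's
    # range, so replies sourced from it are the ones the router discards.
    for addr, verdict in spoof_check(SAMPLE_IP_ADDR).items():
        print(f"src={addr:<15} -> {verdict}")
```
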