On Sun, 2006-09-24 at 17:30 -0700, Joseph Mack NA3T wrote:
> On Sun, 24 Sep 2006, Dan McCormick wrote:
>
> > Because my grand plan is to migrate a web site that's already running on
> > a separate director from one set of IPs to another.
>
> are you migrating the VIPs or the RIPs?
The VIPs.
> > I'd like the web
> > site to be able to respond on both sets of IPs, change the DNS to point
> > to the new set, and not have to worry if the old IPs get cached for days
> > or weeks. The old IP range is on a 100MBps connection, and the new one
> > is gigabit, and my ISP won't let me comingle them on a single switch.
> > On top of that, all my existing director machines only have two NICs, so
> > I can't plug the old external network, the new external network, and the
> > local network into a single machine.
>
> I can help you think about this if you like. I don't know
> what you're doing though.
Ok, thanks.
> What is the network diagram (VIP, DIP, RIP) of the
> current/future setup, which machines/IPs do you want
> transferred? You must have both the old and new operating
> simultaneously?
The network is pretty simple. I have an existing public IP (VIP #1)
owned by an existing director (DIP #1) hitting a group of eight web
servers. I'm moving to a second IP (VIP #2) owned by a separate
director (DIP #2) hitting the same group of eight web servers.

Right now, the eight web servers use DIP #1 as their default gateway.
I'd like both the new and old VIPs working simultaneously, so if I want
VIP #2 to work, somehow those same web servers will have to know to send
traffic that comes in through DIP #2 back out through DIP #2.

I'll make up some IPs if that'll make things easier to talk about:

Current setup:
VIP #1: 1.1.1.1
DIP #1: 192.168.0.100 (eth0 local, eth1 internet)
RIPs: 192.168.0.20 through .27

New setup:
VIP #2: 2.2.2.2
DIP #2: 192.168.0.140 (eth0 local, eth1 internet)
RIPs: 192.168.0.20 through .27

So my idea was to have DIP #2 re-write packets to the eight web servers
using a source NAT of its IP, 192.168.0.140.

One thing I haven't figured out is: when in the ipvs NAT does iptables
act on the packets? If I correctly understand the links you sent, they
discuss problems with iptables facing the internet, not the local
network.

In this case, suppose we have a CIP of 24.0.0.1 that hits DIP #2; the
packet gets DNAT'ed by ipvs to RIP 192.168.0.20. Does the iptables
POSTROUTING chain (where you'd normally apply an SNAT) get applied to
the packet at that point? I assumed it would, so I tried:

iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.140

But that doesn't seem to work (looking at tcpdump on the real servers
indicates the packets have a source address of the CIP, 24.0.0.1, not
192.168.0.140).

Thanks for the help,
Dan