LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: traffic between LVS clusters

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: traffic between LVS clusters
From: Tom <bigendian+lvs@xxxxxxxxx>
Date: Wed, 27 Sep 2006 18:48:51 -0700
Rodney,

I assume you are asking how to keep real servers from sending packets
directly back to the client which happen to be on the same LAN.  The problem
being that the client (a real server in this case) is trying to connect to a
VIP address but is getting response packets from another real server's IP
address which of course won't work.

From a network perspective, you could solve this in a number of ways.  The
trick is to make the packets on the connections between the two groups of
real servers always traverse your LVS director.

One solution would be to NAT the source IP addresses of the real servers
that will be connecting to the secondary VIP to something local to the
director so that the real servers don't see the actual client IP.  This is
usually a bad solution as your application will not be able to record the IP
address of the clients, but might work for you since you should be able to
limit the source NAT'd addresses to your real servers.  Interestingly, you
will be literally NAT'ing both the source and destination addresses for
different reasons with this solution.

You could also force the two groups of real servers to always route packets
through the director via static routes.

Most easily, however, you could simply put the different real server groups
on different subnets so that they always route via the director even though
they are on the same LAN as each other.

Tom


On 9/27/06, Rodney Mckee <rodney.mckee@xxxxxxxxxxxxxx> wrote:

Hi,

I'm looking to have http traffic from 3 real servers from one site
access 2 real servers for another site using the same director.
We are looking to have the main site issue requests to a second
clustered layer and I was looking to setup a second VIP with associated
real servers and have the traffic load balanced using the existing LVS
router.

The setup is using LVS-NAT.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.11.0.0/24         10.11.0.0/24
MASQUERADE  all  --  10.11.0.0/24         anywhere

Rgds
Rodney



_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users




<Prev in Thread] Current Thread [Next in Thread>