|
Hi!
On Sun, 05 Nov 2006, Michael Spiegle wrote:
> Ok... trying to send this email for the 3rd time. The server
> didn't like my last reply...
>
>
> Ok, I am even more confused now :)
>
> Are you referring to Layer 2 or Layer 3 destination address
> mangling? As far as I know, an LVS configured for NAT will
> mangle the destination IP address from the VIP to the
> realserver's address. It then places this packet on the
> network and it goes to the realserver. Since the LVS changes
> the destination (and not the source IP address), the realserver
> on the backend still sees the originating IP address. When the
> realserver formulates its response, doesn't the response goto
> the MAC address which it received the request from (LVS)?
It's not exactly mangling. In DR mode, the director works nearly
the same way a router does. For the sake of simplicity let's
ignore the difference between the two (that is: how the they
decide where to actually route a packet).
The router/LB receives a packet that isn't quite intended for it
but bears its MAC address as a destination. Due to the way LVS
works, this packet gets routed, i.e. the kernel finds out which
the proper destination IP is. It also has a route by which to
reach the realserver. In addition it either has an arp entry or
uses arp to find out which destination MAC is associated with the
IP. And so, it sends the packet it received to the realserver.
Source IP and destination IP are not touched at all: they are the
clients IP for src and the service IP for dst (this is the reason
why the service IP needs to be bound on the realservers).
The MACs, however, change: at first the destination MAC is that
of the director, the source MAC is that of the last router before
the director. After processing on the LB, the destination MAC is
that of the picked realserver and the source MAC is that of the
host running LVS.
It works just like normal (Internet/IP) routing.
> In the case of LVS-DR, the destination MAC address is changed -
> however the destination VIP address is maintained. The only
> way a realserver will service this connection is if you have
> configured the VIP on the loopback interface. Since we have
> done this, the realserver will formulate a reply, however the
> reply does NOT go back to where it came from (LVS), it goes
> around LVS. Is this correct?
Yes, it goes via the default gateway of the realserver - usually
not the director.
Regards & HTH,
Tobias
--
Never touch a burning system.
|
