> Are you referring to Layer 2 or Layer 3 destination address mangling?
> As far as I know, an LVS configured for NAT will mangle the destination
> IP address from the VIP to the realserver's address. It then places
> this packet on the network and it goes to the realserver. Since the
> LVS changes the destination (and not the source IP address), the
> realserver on the backend still sees the originating IP address. When
> the realserver formulates its response, doesn't the response go to the
> MAC address which it received the request from (LVS)?
>
> In the case of LVS-DR, the destination MAC address is changed - however
> the destination VIP address is maintained. The only way a realserver
> will service this connection is if you have configured the VIP on the
> loopback interface. Since we have done this, the realserver will
> formulate a reply, however the reply does NOT go back to where it came
> from (LVS), it goes around LVS. Is this correct?
What's going on here is this: The director and realserver both have the VIP,
but only the director responds with an ARP for the VIP. The director then
looks for the MAC of the realserver by arping for the RIP. Once it knows
the MAC address of the realserver, it then rewrites (Layer 2) the original
packet with the realserver's MAC and drops it on the wire. The realserver
then picks it up, since it's addressed to its MAC, and then, since it has
the VIP on one of its interfaces (usually the lo interface), it processes it
and proceeds merrily on its way. :) That's how the DR mode works.
And yes, it goes "around" the LVS unless the LVS machine is set up as its
default gateway... Which isn't USUALLY the case, but it can be. ;)
Dave
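
Added example, not part of the original thread and not LVS code: a small Python model of the two forwarding modes discussed above, showing which header fields the director rewrites, when the realserver accepts the frame, and which next hop the reply takes. All addresses and function names are constructed, and the model assumes the realserver sends replies to its default gateway's MAC.

```python
from dataclasses import dataclass, replace

# Constructed addresses for illustration; none come from the original thread.
VIP, RIP, CIP = "192.0.2.10", "10.0.0.2", "198.51.100.7"
DIRECTOR_MAC, REAL_MAC, ROUTER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:fe"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def director_forward(frame, mode):
    """Rewrite an inbound client frame for the chosen LVS forwarding mode."""
    if mode == "NAT":  # Layer 3 rewrite: destination IP VIP -> RIP
        return replace(frame, src_mac=DIRECTOR_MAC, dst_mac=REAL_MAC, dst_ip=RIP)
    if mode == "DR":   # Layer 2 rewrite only: destination IP stays the VIP
        return replace(frame, src_mac=DIRECTOR_MAC, dst_mac=REAL_MAC)
    raise ValueError(f"unknown mode: {mode}")

def realserver_accepts(frame, local_ips):
    """A host processes a frame only if the MAC is its own and the IP is local."""
    return frame.dst_mac == REAL_MAC and frame.dst_ip in local_ips

def realserver_reply(request, gateway_mac):
    """Answer from the address that was hit; the next hop is the default gateway."""
    return Frame(REAL_MAC, gateway_mac, request.dst_ip, request.src_ip)

def trace(mode, local_ips, gateway_mac):
    """Return (forwarded frame, reply frame or None if the realserver drops it)."""
    inbound = Frame(ROUTER_MAC, DIRECTOR_MAC, CIP, VIP)  # client is off-subnet
    forwarded = director_forward(inbound, mode)
    if not realserver_accepts(forwarded, local_ips):
        return forwarded, None
    return forwarded, realserver_reply(forwarded, gateway_mac)

def reply_passes_director(reply):
    return reply is not None and reply.dst_mac == DIRECTOR_MAC

if __name__ == "__main__":
    cases = [("DR", {RIP, VIP}, ROUTER_MAC), ("DR", {RIP}, ROUTER_MAC),
             ("DR", {RIP, VIP}, DIRECTOR_MAC), ("NAT", {RIP}, DIRECTOR_MAC)]
    for mode, ips, gw in cases:
        fwd, reply = trace(mode, ips, gw)
        print(mode, "dst_ip:", fwd.dst_ip, "reply:", reply,
              "via director:", reply_passes_director(reply))
```

In the DR case with a separate router as gateway, the reply never touches the director, so anything inspecting traffic there sees only the inbound half of each connection.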