Re: Multiple ports on real servers

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Multiple ports on real servers
From:	Joseph Mack NA3T <jmack@xxxxxxxx>
Date:	Thu, 23 Nov 2006 08:51:52 -0800 (PST)

On Thu, 23 Nov 2006, Mindaugas wrote:


Hello,

Accidently replied privately to ratz so repeating my e-mail here. :)

I need the following setup preferably with LVS-NAT:
VIP:80   --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82

VIP:80 goes to 6 realservers (which are running on 2 boxes,but the director doesn't know that).

VIP:8080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82
VIP:9080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82

3 open ports on real servers because I'd like to run 3 instances of
Squid on each to better utilize 4 cores (plus one more application which
will use 4th core).
I cannot do just VIP:80-->RS1:80, VIP:8080-->RS1:8080 because traffic
on those ports is very different.

Now I have the following iptables and IPVS rules on director:

-A PREROUTING -p tcp -m multiport --dports 80,8080,9080 -j MARK --set-mark0x1


-A -f 1 -s wlc -p 15
-a -f 1 -r RS1:0 -m -w 1
-a -f 1 -r RS2:0 -m -w 1

And iptables on real servers:
-A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp -m multiport --dports
80,8080,9080 -j REDIRECT --to-ports 80
-A PREROUTING -s 0.0.0.1/0.0.0.1 -p tcp -m multiport --dports
80,8080,9080 -j REDIRECT --to-ports 81

So I'm missing one Squid and load balancing is separated onto both director
and real servers. I'd prefer to have it in one place - on director.


you haven't told us which parts are working and which isn't.

Your setup is more complicated than I can understand withoutactually running the commands on a setup (which I don'thave), so my reply is mostly a guess...


Have you tested your setup in pieces first eg have you done

the 6 realserver setup in the first line? After you havean example working, then convert it to the fwmark format.

You have your packets going through a fwmark. It's probablyin the HOWTO somewhere saying whether you can rewrite portson a fwmarked packet (but I don't remember anyone tryingit). I would check whether you can do that, since theinformation on the source port is not available to theipvsadm if you use the fwmark format. Noone uses the RS1:0format for ipvsadm anymore. It may or may not work for whatyou want.


Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread]	Current Thread	[Next in Thread>
Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Siim Põder Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Malcolm Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Siim Põder Re: Multiple ports on real servers, Joseph Mack NA3T <= Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Horms

Previous by Date:	Re: Reverse Path Loadbalancing, Joseph Mack NA3T
Next by Date:	RE: Reverse Path Loadbalancing, WRIGHT Alan
Previous by Thread:	Re: Multiple ports on real servers, Siim Põder
Next by Thread:	Re: Multiple ports on real servers, Mindaugas
Indexes:	[Date] [Thread] [Top] [All Lists]