Re: Multiple ports on real servers

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Multiple ports on real servers
From:	"Mindaugas" <mind@xxxxx>
Date:	Fri, 24 Nov 2006 16:48:44 +0200

I need the following setup preferably with LVS-NAT:
VIP:80   --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82
VIP:80 goes to 6 realservers (which are running on 2 boxes, but thedirector doesn't know that).


 Problem is that :80 does not work on LVS-NAT. IPVS does not
change destination port.

VIP:8080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82
VIP:9080 --> RS1:80, RS1:81, RS1:82, RS2:80, RS2:81, RS2:82

3 open ports on real servers because I'd like to run 3 instances of
Squid on each to better utilize 4 cores (plus one more application which
will use 4th core).
I cannot do just VIP:80-->RS1:80, VIP:8080-->RS1:8080 because traffic
on those ports is very different.


 ====> From there

Now I have the following iptables and IPVS rules on director:

-A PREROUTING -p tcp -m multiport --dports 80,8080,9080 -jMARK --set-mark 0x1


-A -f 1 -s wlc -p 15
-a -f 1 -r RS1:0 -m -w 1
-a -f 1 -r RS2:0 -m -w 1

And iptables on real servers:
-A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp -m multiport --dports
80,8080,9080 -j REDIRECT --to-ports 80
-A PREROUTING -s 0.0.0.1/0.0.0.1 -p tcp -m multiport --dports
80,8080,9080 -j REDIRECT --to-ports 81

So I'm missing one Squid and load balancing is separated onto bothdirector

and real servers. I'd prefer to have it in one place - on director.


you haven't told us which parts are working and which isn't.


 to there is currently working setup.

Your setup is more complicated than I can understand without actuallyrunning the commands on a setup (which I don't have), so my reply ismostly a guess...
You have your packets going through a fwmark. It's probably in the HOWTOsomewhere saying whether you can rewrite ports on a fwmarked packet (but Idon't remember anyone trying


 -j REDIRECT on iptables? Or something else?

 Of course I will look into HOWTO myself.

it). I would check whether you can do that, since the information on thesource port is not available to the ipvsadm if you use the fwmark format.Noone uses the RS1:0 format for ipvsadm anymore. It may or may not workfor what you want.


 What format is used nowadays then? And it works for me now.

 Thanks,

 Mindaugas

<Prev in Thread]	Current Thread	[Next in Thread>
Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Siim Põder Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Malcolm Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Siim Põder Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas <= Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Joseph Mack NA3T Re: Multiple ports on real servers, Mindaugas Re: Multiple ports on real servers, Horms

Previous by Date:	LVS dns cluster, Simon Pearce
Next by Date:	Re: Multiple ports on real servers, Joseph Mack NA3T
Previous by Thread:	Re: Multiple ports on real servers, Joseph Mack NA3T
Next by Thread:	Re: Multiple ports on real servers, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]