Re: how to support transparent cache cluster in ipvs?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, horms@xxxxxxxxxxxx, jmack@xxxxxxxx
Subject: Re: how to support transparent cache cluster in ipvs?
From: home_king <home_king@xxxxxxx>
Date: Wed, 29 Nov 2006 13:21:40 +0800
Hi, Horms. I'm glad to see your reply. Thanks for your reformatting work on my patch.

Here is my signature:
Signed-off-by: Jinhua Luo <home_king@xxxxxxx>

I have already tested this patch to deploy the TP (squid), as described in my last message.
I will show the example in detail below.

In the patch, I assign a value of 101 to the priority of the new hook fn -- ip_vs_forward_with_fwmark(), which lets it be called after ip_vs_out(), which handles SNAT (inside-to-outside) packets, and checks the ipvs_property flag, thus the new hook fn would not conflict with ip_vs_out() & ip_vs_forward_icmp(). Moreover, it just accepts those packets which indeed belong to some virtual service defined, and passes other normal packets. In other words, it will not break the world :-) This patch makes ipvs support TP in a native manner.


Joe, here I will explain in detail how I deploy TP using this patch, and I hope the
description fits the HOWTO.

TP topology:
               +--------------------+
               |                    |
Internet <---->| eth1 ($PUB_IP)     |<----client ($CIP)
               |    IPVS Router     |
               | ($GATEWAY_IP) eth0 |<-------------proxy2 ($RIP1)
               |                    |<---------- proxy1 ($RIP2)
               +--------------------+

Given that $GATEWAY_IP, $CIP, $RIP1, $RIP2 lie in the same network which is called $LOCAL_NETWORK.

Below is a brief setting for TP deployment (I skip the housekeeping settings, such as IP, DNS, squid
normal configurations, etc):

@ IPVS Router

# enable forward
sysctl -w net.ipv4.ip_forward=1
# TP packets fwmark rule (pass web requests from proxy, and mark others)
iptables -t mangle -A FORWARD -i eth0 -p tcp -s $RIP1 -j ACCEPT
iptables -t mangle -A FORWARD -i eth0 -p tcp -s $RIP2 -j ACCEPT
iptables -t mangle -A FORWARD -i eth0 -p tcp -s $LOCAL_NETWORK --dport 80 -j MARK --set-mark 1
# SNAT rule
iptables -t nat -A POSTROUTING -p tcp -o eth1 -j SNAT --to-source $PUB_IP
# ipvs setting
ipvsadm -A -f 1 -s lblcr
ipvsadm -a -f 1 -r $RIP1
ipvsadm -a -f 1 -r $RIP2

@ proxy RS

# REDIRECT rule
iptables -t nat -A PREROUTING -p tcp -i eth0 -s $LOCAL_NETWORK --dport 80 -j REDIRECT --to-ports 3128
# squid setting
cat >> /etc/squid/squid.conf << EOF
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
# restart the squid service
/etc/init.d/squid restart
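
An added example, not part of the original message or of the patch: the proxies sit inside $LOCAL_NETWORK, so their own port-80 fetches match the MARK rule unless each proxy's ACCEPT rule comes first in mangle FORWARD, in which case they would be scheduled back to a proxy. The function below checks that ordering on `iptables -t mangle -S FORWARD` output; the function name and the 192.0.2.x addresses are assumptions, and it compares source addresses only (interface and protocol matches are ignored).

```shell
#!/bin/sh
# check_tp_mark_order RIP...  (hypothetical helper, not from the post)
# Reads mangle FORWARD rules in "iptables -S" format on stdin. Prints every
# proxy address that has no ACCEPT rule ahead of the first MARK rule and
# returns 1 if there is any; returns 0 otherwise (also when nothing is marked).
check_tp_mark_order() {
    awk -v rips="$*" '
        BEGIN { n = split(rips, want, " ") }
        $1 != "-A" || $2 != "FORWARD" { next }      # skip policy and other chains
        {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/32$/, "", src)                   # -S prints hosts as a.b.c.d/32
            if (target == "MARK" && !mark_seen) mark_seen = NR
            if (target == "ACCEPT" && !mark_seen) exempt[src] = 1
        }
        END {
            bad = 0
            for (k = 1; k <= n; k++)
                if (mark_seen && !(want[k] in exempt)) { print want[k]; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the rule order from the message (RIP1=.11, RIP2=.12).
SAMPLE_GOOD='-P FORWARD ACCEPT
-A FORWARD -s 192.0.2.11/32 -i eth0 -p tcp -j ACCEPT
-A FORWARD -s 192.0.2.12/32 -i eth0 -p tcp -j ACCEPT
-A FORWARD -s 192.0.2.0/24 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff'

# Constructed sample: second proxy exempted only after the MARK rule.
SAMPLE_BAD='-P FORWARD ACCEPT
-A FORWARD -s 192.0.2.11/32 -i eth0 -p tcp -j ACCEPT
-A FORWARD -s 192.0.2.0/24 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
-A FORWARD -s 192.0.2.12/32 -i eth0 -p tcp -j ACCEPT'

printf '%s\n' "$SAMPLE_GOOD" | check_tp_mark_order 192.0.2.11 192.0.2.12 \
    && echo "ok: proxies exempt before MARK"
printf '%s\n' "$SAMPLE_BAD" | check_tp_mark_order 192.0.2.11 192.0.2.12 \
    || echo "above: proxies whose traffic would be marked"
```

On the router it would be fed live rules: `iptables -t mangle -S FORWARD | check_tp_mark_order $RIP1 $RIP2`.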


