Re: how to support transparent cache cluster in ipvs?

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx, horms@xxxxxxxxxxxx, jmack@xxxxxxxx
Subject:	Re: how to support transparent cache cluster in ipvs?
From:	home_king <home_king@xxxxxxx>
Date:	Wed, 29 Nov 2006 13:21:40 +0800

hi, Horms. I'm glad to see your reply. Thanks for your reformat work formy patch.


Here is my signature:
Signed-off-by: Jinhua Luo <home_king@xxxxxxx>

I have already tested this patch to deploy the TP (squid), as describedin my last message.

I will show the example in detail below.

In the patch, I assign a value of 101 to the priority of the new hook fn --

ip_vs_forward_with_fwmark(), which let it be called after ip_vs_out()which handles SNAT(inside-to-outside) packets, and check the ipvs_property flag, thus thenew hook fn would notconflict with ip_vs_out() & ip_vs_forward_icmp(). Moreover, it justaccepts those packets whichindeed belong to some virtual service defined, and passes other normalpackets. In other word,it will not break the world :-) This patch makes ipvs support TP in anative manner.

Joe, here I will explain in detail for how I deploy TP using this patch,and I hope the

description fit for the HOWTO.

TP topology:
              +--------------------+
              |                    |
Internet <---->| eth1 ($PUB_IP)     |<----client ($CIP)
              |    IPVS Router     |
          | ($GATEWAY_IP) eth0 |<-------------proxy2 ($RIP1)
              |                    |<---------- proxy1 ($RIP2)
              +--------------------+

Given that $GATEWAY_IP, $CIP, $RIP1, $RIP2 lie in the same network whichis called $LOCAL_NETWORK.

Below is a brief setting for TP deployment (I skip the housekeepsettings, such as IP, DNS, squid

normal configurations, etc):

@ IPVS Router

# enable forward
sysctl -w net.ipv4.ip_forward=1
# TP packets fwmark rule (pass web requests from proxy, and mark others)
iptables -t mangle -A FORWARD -i eth0 -p tcp -s $RIP1 -j ACCEPT
iptables -t mangle -A FORWARD -i eth0 -p tcp -s $RIP2 -j ACCEPT

iptables -t mangle -A FORWARD -i eth0 -p tcp -s $LOCAL_NETWORK --dport80 -j MARK --set-mark 1

# SNAT rule
iptables -t nat -A POSTROUTING -p tcp -o eth1 -j SNAT --to-source $PUB_IP
# ipvs setting
ipvsadm -A -f 1 -s lblcr
ipvsadm -a -f 1 -r $RIP1
ipvsadm -a -f 1 -r $RIP2

@ proxy RS

# REDIRECT rule

iptables -t nat -A PREROUTING -p tcp -i eth0 -s $LOCAL_NETWORK --dport80 -j REDIRECT --to-ports 3128

# squid setting
cat >> /etc/squid/squid.conf << EOF
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
# restart the squid service
/etc/init.d/squid restart

<Prev in Thread]	Current Thread	[Next in Thread>
how to support transparent cache cluster in ipvs?, home_king Re: how to support transparent cache cluster in ipvs?, Horms Re: how to support transparent cache cluster in ipvs?, Horms Re: how to support transparent cache cluster in ipvs?, home_king <= Re: how to support transparent cache cluster in ipvs?, Horms

Previous by Date:	Re: firewall marks + tunneling + persistence = ERR! state, Horms
Next by Date:	Re: how to support transparent cache cluster in ipvs?, Horms
Previous by Thread:	Re: how to support transparent cache cluster in ipvs?, Horms
Next by Thread:	Re: how to support transparent cache cluster in ipvs?, Horms
Indexes:	[Date] [Thread] [Top] [All Lists]