If you use ldirectord with a fwmark virtual service with TUN, then you can't do
any reasonable checks.
Let's suppose I have 2 realservers with apache+tomcat (with IP-based virtual
hosts), 1 fwmark virtual service to bundle 80,443 and 2038 together. Then when
I specify something like this in ldirectord.cf (this is not my actual file, but
it shows the deficiency):
virtual=1
    real=192.168.6.4 ipip
    real=192.168.6.5 ipip
    service=http
    checkport=80
    checktype=negotiate
    request="index.html"
    receive="Test Page"
    scheduler=wrr
ldirectord will send requests to 192.168.6.4 and 192.168.6.5 where nothing is
listening because I use IP-based virtual hosts and the VIP address is on the
tunl0 interface on the real servers. From what I have read, you cannot convince
ldirectord to encapsulate the http request to a packet that is sent to
192.168.6.4 then decapsulated and sent to the tunl0 VIP if you use fwmark
service. If you use a tcp virtual service with port 0 then it will work, but if
you need fwmark then there is no way to specify the VIP.
So I see only 3 possibilities:
1.) I have missed something and it is possible to monitor a certain VIP on a
certain host with fwmark + tunneling with ldirectord.
2.) It's not possible and I have to write a patch for ldirectord to add a setting
for the VIP for monitoring the service.
3.) I have to use standard tcp virtual service with port 0 (so everything will
be forwarded to realservers).
Any ideas?
Jaro