I would like some feedback on our current LVS-NAT configuration.
Basically, we are using IPTABLES to make sure that certain RIPs are
associated with certain VIPs for outbound traffic.
Our requirement is that we have to route certain RIP traffic out the same
VIP--we have to have multiple VIPs. This is especially necessary when using
sendmail as an MTA. Certain Sendmail RIPs must send out packets on a
specific VIP. LVS-NAT does not seem to control RIP to VIP packets. So, we
are using IPTABLES to associate a certain RIP with a certain VIP. Below is
a sample:
$IPT -t nat -A POSTROUTING -s $RIP_M1_01 -o $EXT_INTER -j SNAT --to-source $VIP_M_01
$IPT -t nat -A POSTROUTING -s $RIP_M2_01 -o $EXT_INTER -j SNAT --to-source $VIP_M_01
$IPT -t nat -A POSTROUTING -s $RIP_M3_01 -o $EXT_INTER -j SNAT --to-source $VIP_M_01
$IPT -t nat -A POSTROUTING -s $RIP_M1_02 -o $EXT_INTER -j SNAT --to-source $VIP_M_02
$IPT -t nat -A POSTROUTING -s $RIP_M2_02 -o $EXT_INTER -j SNAT --to-source $VIP_M_02
$IPT -t nat -A POSTROUTING -s $RIP_M3_02 -o $EXT_INTER -j SNAT --to-source $VIP_M_02
So, for example, we are using three systems (M1, M2 and M3), and we are
associating certain RIPs with certain VIPs, as in this visual
representation.
$RIP_M1_01 --> $VIP_M_01
$RIP_M2_01 --> $VIP_M_01
$RIP_M3_01 --> $VIP_M_01
$RIP_M1_02 --> $VIP_M_02
$RIP_M2_02 --> $VIP_M_02
$RIP_M3_02 --> $VIP_M_02
$RIP_M1_03 --> $VIP_M_03
$RIP_M2_03 --> $VIP_M_03
$RIP_M3_03 --> $VIP_M_03
Is using IPTABLES a good solution for this? Or is there a kernel
patch that will always associate the RIPs with the VIPs (in the ipvsadm
setup)? ipvsadm will do the VIPs to RIPs, but ipvsadm does not seem to do
RIP to VIP.
Does the LVS-NAT source routing patch (Brownfield, Sawari and Black) solve
the RIP to VIP association problem?
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#brownfield
Any help or comments would be appreciated. Thanks.
David Mitchell
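
Added example, not part of the original post: a shell sketch that generates the per-RIP SNAT rules from a single RIP-to-VIP table and refuses a table that maps one RIP to two VIPs (in the nat table the first matching SNAT rule wins, so a second rule for the same source would never be hit). All addresses, the interface name and the function name gen_snat_rules are constructed placeholders; the post gives only variable names.

```shell
#!/bin/sh
# Constructed sample values; substitute the real director settings.
IPT="iptables"
EXT_INTER="eth0"

# One "RIP VIP" pair per line, mirroring the RIP --> VIP table in the post
# (three real servers M1..M3, three addresses each; all values constructed).
MAP="10.0.1.11 192.0.2.1
10.0.2.11 192.0.2.1
10.0.3.11 192.0.2.1
10.0.1.12 192.0.2.2
10.0.2.12 192.0.2.2
10.0.3.12 192.0.2.2
10.0.1.13 192.0.2.3
10.0.2.13 192.0.2.3
10.0.3.13 192.0.2.3"

# gen_snat_rules TABLE
# Prints one SNAT rule per RIP on stdout without running iptables.
# Returns non-zero if a line is malformed or a RIP maps to two VIPs.
gen_snat_rules() {
    printf '%s\n' "$1" | awk -v ipt="$IPT" -v dev="$EXT_INTER" '
        BEGIN { bad = 0 }
        NF == 0 { next }                          # skip blank lines
        NF != 2 {
            printf "line %d: expected RIP VIP\n", NR > "/dev/stderr"
            bad = 1; next
        }
        ($1 in seen) && seen[$1] != $2 {          # same RIP, different VIP
            printf "conflict: %s -> %s and %s\n", $1, seen[$1], $2 > "/dev/stderr"
            bad = 1; next
        }
        ($1 in seen) { next }                     # exact duplicate, emit once
        {
            seen[$1] = $2
            printf "%s -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n", ipt, $1, dev, $2
        }
        END { exit bad }
    '
}

# Print the rule set for review; pipe to sh only after checking it.
gen_snat_rules "$MAP"
```
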