|
Thanks for replying Joseph. But I don't think https is limited to the
name in the certificate. Cause if https needs to go to the name in the
certificate how do you load balance a https domain considering you
have enough $$ to shell out per server :)
-------ldirectord.cf
virtual=vvv.vv.vvv.130:80
real=zz.zz.zzz.44:80 ipip
real=xxx.xx.xxx.108:80 ipip
service=http
request="beat.html"
receive="ping"
scheduler=rr
persistent=300
netmask=255.255.255.224 <--- (how do you figure out this netmask)
---------snip
The mask for the VIP is /32 but I was referring to this netmask. Are
these both referring to the VIP netmask?
Thanks again for your help.
-sameer
On 5/1/07, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
On Tue, 1 May 2007, Sameer Garg wrote:
> Hi All,
>
> I am setting up load balancing using LVS/Tun. I have a director which
> balances traffic betwen two real servers.
> |-----------------------------------|
> | LVS_IP |
> |_______________________ |
> / \
> || Real Server 1 || || Real Server 2 ||
>
> In this setup only one of the Real Servers can service SSL request(
> assuming RS#1 here). When I go to http://LVS_IP the load balancer
> works fine. But when I try https://LVS_IP there is no response.
https I think needs to go to the name in the certificate
(and not the IP).
> The real servers have the following options for
> arp_ignore=1 and arp_announce=2.
if it's OK for http, then the packets will do the right
thing for https.
> Beside the SSL problem I would also like to know how do
> you determine what value of netmask to use in
> ldirectord.cf.
the VIP is /32
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|
