Re: [lvs-users] LVS with all clients behind a single router. lvs-tun on

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS with all clients behind a single router. lvs-tun on 2.6 kernel
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Mon, 25 Jun 2007 10:46:30 -0700 (PDT)
On Mon, 25 Jun 2007, Matthew Smart wrote:

> Thanks for the info.  That approach seems workable, but complicated, so
> I decided to pull an end run around.  I disabled persistence, moved
> sessions into mysql, and am relying on mysql's replication to ensure
> that all servers have the session data.

People keep talking about sessions, but I don't know what
they're doing. I assume the client has a cookie which the
servers recognise (via mysql replication). Presumably the
clients keep hitting different realservers as part of their
session (which I guess has state, e.g. a shopping cart) and
you have to pass the state info around too. Is this what
you're doing?

> This is probably a naive question, but is there any way for the director
> to identify that a request is coming from a client behind a nat router?

People asked this question a while ago, when users at home
wanted to know whether their ISP could detect that the user
had more than one computer using their connection if they
were coming out of a NAT router. Similarly, does Microsoft
know that you have more than one computer installed with
your one license CD?

The short answer is no. From the outside world, it's hard
for the ISP to know how many computers are behind the NAT
router. The long answer is that it should be possible to
watch the ports that the calls are coming from, but it's a
bit of work and no-one seems to do it (and ISPs have given
up on limiting the number of computers you can have at
home).

The machines behind the NAT router call from high ports in
order. So say you're websurfing and you've just fired up the
home computer. The first call to VIP:80 will come from
CIP:1025. When that TCP/IP connection is closed down, the
next call to VIP:80 will come from CIP:1026, etc. These calls
get NATed into a similar monotonic series of ports from the
NAT router (with 2.2 Linux starting somewhere up near
40,000, but now starting with port 1025). Originally there
was a separate range reserved for each client (I think),
allowing the ISP to watch for multiple clients behind the
NAT router. Now I think there's only one range (to stop this
pattern being observed).

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
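The port-pattern heuristic Joe describes above, as an added example that is not part of this thread or of LVS: it reads a constructed connection log (the `TCP client:port -> vip:port` line format is hypothetical, not ipvsadm output), groups each client IP's source ports into increasing runs, and reports the number of runs as a lower bound on hosts behind that address. It only works while ports are handed out in order; when the NAT router maps every host into one shared range, all connections fall into a single run and the director learns nothing, which is the "short answer is no" case.

```python
import re
from collections import defaultdict

# Constructed connection log, in arrival order (hypothetical format).
# 203.0.113.5 is a NAT router that reserves a separate port range per host:
# one host counts up from 1025, another from 40000, interleaved.
LOG = """\
TCP 203.0.113.5:1025 -> 192.0.2.10:80
TCP 203.0.113.5:40000 -> 192.0.2.10:80
TCP 203.0.113.5:1026 -> 192.0.2.10:80
TCP 203.0.113.5:40001 -> 192.0.2.10:80
TCP 203.0.113.5:1027 -> 192.0.2.10:80
TCP 198.51.100.9:1025 -> 192.0.2.10:80
TCP 198.51.100.9:1026 -> 192.0.2.10:80
"""

LINE_RE = re.compile(r"^TCP (\S+):(\d+) -> \S+:\d+$")

def parse_log(text):
    """Return [(client_ip, client_port), ...] for each well-formed line, in order."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group(1), int(m.group(2))))
    return records

def port_runs(records, max_gap=3):
    """Per client IP, cluster source ports into increasing runs. A port joins the
    run whose last port is closest below it (within max_gap, allowing a few
    missed connections); otherwise it starts a new run."""
    runs_by_ip = defaultdict(list)
    for ip, port in records:
        runs = runs_by_ip[ip]
        best = None
        for run in runs:
            last = run[-1]
            if last < port <= last + max_gap and (best is None or last > best[-1]):
                best = run
        if best is None:
            runs.append([port])
        else:
            best.append(port)
    return dict(runs_by_ip)

def estimate_hosts(records, max_gap=3):
    """Number of distinct increasing port runs per client IP: a lower bound on the
    hosts behind that address, valid only while ports are assigned sequentially."""
    return {ip: len(runs) for ip, runs in port_runs(records, max_gap).items()}

if __name__ == "__main__":
    print(estimate_hosts(parse_log(LOG)))  # {'203.0.113.5': 2, '198.51.100.9': 1}
```

Feed it a log where two hosts share one sequential range (1025, 1026, 1027, 1028 from one address) and it reports a single run, i.e. one host, which is exactly the limit Joe points out.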