I am using the following setup using NAT in the directors, and it is
working well (no performance tests made yet). In the final setup I
intend to have the loabalancers with dual NICs one for the 192.168.1.0
network and other to the 192.168.0.0 network, for now the test was made
with 192.168.0.X as an alias on eth0. The internal VIP (IVIP) was
defined as the default gateway for the realservers, and also the
iptables on the LoadBalancer was used:
iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/24
| Internet
|
___|___
|Router |
|_______|
| 192.168.1.1
__________|___________________________________
| VIP:192.168.1.200 | |
| IVIP:192.168.0.200 | |
| | |
|192.168.1.120 |192.168.1.140 |
|192.168.0.120 |192.168.0.140 |
______|______ _______|_____ |
|LoadBalancer1| |LoadBalancer2| |
|_____________| |_____________| |
|
|
__________________________________________|
| |
|dgw: 192.168.0.200 |dgw: 192.168.0.200
|192.168.0.170 |192.168.0.190
______|______ ______|______
|RealServer1 | |RealServer2 |
|_____________| |_____________|
I have one problem that I don't know if it can be solved, so I'm asking
your opinion. I'm using also OpenVZ on all servers (including the
Loadbalancers), but LVS is installed on the Hardware Node, not using
OpenVZ at all. The problem I have is if I put a VE (virtual environment
~= virtual machine) on the standby loadbalancer and run on it a
realserver. When the director sends a client request to the realserver
running on the standby loadbalancer (for example with Loadbalancer1
active and realserver with IP 192.168.0.150 running on a VE on
Loadbalancer2) the request fails. Using tcpdump I found that the
connection request arrives to the realserver (loadbalancer2 node in that
case), but it answers it directly to the router (using router MAC
address), so there is no translation done by the loadbalancer1 as it
should. The comparison made with tcpdump on realserver1 or realserver2,
all is equal except the destination MAC address - when the reply is from
realserver1 or 2, the destination IP is 192.168.1.1 but the destination
MAC address is of the loadbalancer1 NIC, and when the reply is from the
realserver running on a VE on Loadbalancer2, the destination IP is also
192.168.1.1 but the destination MAC address is the Router MAC address.
Is there any way to turn around this problem? I suppose Loadbalancer2
will always have the Router MAC address in the ARP table, since it is
pinging it periodically to test the network. I tried to remove the
default gateway entry on loadbalancer2 when it is in standby, replacing
it for the internal VIP (192.168.0.200), but it also didn't do the
trick.
|