Hi Con,
Con Tassios wrote:
> On Thu, 4 Oct 2007, Dan Yocum wrote:
>
>> So, the questions I have are these:
>>
>> Why don't I need to bring up the VIP on the real servers? Is this
>> normal? Is this expected?
>
> With LVS-DR, if you have an iptables rule such as 'iptables -t nat -A
> PREROUTING -d VIP -p tcp --dport PORT -j REDIRECT' you would not need to have
> the VIP configured on the real servers.
Cool. This is what I have on the real servers, and by all indications
(e.g., watching tcpdump) it's working as expected. I hope something
isn't going to pop up and bite me in the butt by doing this (usually the
Networking Group here at Fermi ;-).
I have to admit that I have forgotten most of what little I knew about
LVS, iptables, and advanced networking concepts in general in the 5 years
since I set up the SDSS data distribution servers. Since I left that
experiment another admin dumped LVS but I was lucky enough to have made
copies of /etc on all the systems, so I could go back to see what I did.
Looking in etc/sysconfig/network-scripts, it doesn't look like I
was setting up VIPs on the real servers back then, either.
Since everything is working right now, I think I'm going to declare
victory and move on.
Thanks for the reminders,
Dan
--
Dan Yocum
Fermilab 630.840.6509
yocum@xxxxxxxx, http://fermigrid.fnal.gov
Fermilab. Just zeros and ones.
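
The setup discussed in this message (an LVS-DR real server that accepts VIP traffic through a nat PREROUTING REDIRECT rule instead of a configured VIP) can be audited from `iptables-save` output. The following is an added example, not part of the original message: the function name, the sample rule sets and the address 192.0.2.10 are constructed for illustration. It also reports a REDIRECT on the same port with no `-d` match, which would apply to every destination address rather than only the VIP.

```shell
#!/bin/sh
# Added example: audit iptables-save output (stdin) for the LVS-DR REDIRECT rule.
# Prints: ok (scoped to the VIP) | broad (no usable -d match) | missing
check_vip_redirect() {
    vip=$1
    port=$2
    awk -v vip="$vip" -v port="$port" '
        /^\*/ { table = substr($0, 2); next }        # table header: *nat, *filter
        table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            dst = ""; proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                # a negated "! -d" does not scope the rule to the VIP
                if ($i == "-d" && $(i - 1) != "!") dst = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target != "REDIRECT" || proto != "tcp" || dport != port) next
            if (dst == vip || dst == (vip "/32")) exact = 1
            else if (dst == "") broad = 1
        }
        END { print (broad ? "broad" : (exact ? "ok" : "missing")) }
    '
}

# Constructed sample: rule scoped to the VIP, as iptables-save prints it.
sample_scoped() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j REDIRECT
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: same port, but no destination match.
sample_broad() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT
COMMIT
EOF
}

sample_scoped | check_vip_redirect 192.0.2.10 80
sample_broad  | check_vip_redirect 192.0.2.10 80
```

On a real server the input would come from `iptables-save -t nat` run as root.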