LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] Connecting directly to realservers in a one-network LVS-

from [Joseph Mack NA3T] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Connecting directly to realservers in a one-network LVS-NAT
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 27 Nov 2007 04:15:19 -0800 (PST) 
On Mon, 26 Nov 2007, Ben Hollingsworth wrote:

> Apparently, the forwarding rules get first dibs.  In my environment,
> when the director sees a packet come back from the private side that
> didn't first come through addressed to the VIP, then the director just
> acts as a router and dutifully forward the packet wherever it thinks it
> should go without NATting it.  No iptables or conntrack is used.
>
> BTW, in the default setup, the director merely sends an ICMP redirect
> back to the real server, which causes problems under some
> circumstances.  I had to set "net.ipv4.conf.default.send_redirects = 0"
> to get it to work consistently.

I think in the HOWTO I said to turn all these off.

> What we ended up doing was dissolving the private subnet entirely.  Each
> RS thinks that it's on a /32 (1-host) subnet that contains only itself.
> We forced a routing rule that tells it the default route is to the
> virtual gateway on eth0, even though it doesn't have a subnet route for
> that gateway.  The RS routing table looks like this:
>
> # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 172.22.64.222   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 0.0.0.0         172.22.64.222   0.0.0.0         UG        0 0          0 eth0
>
> 172.22.64.222 is the virtual gateway on the director.  The down side
> here is that any communication amongst the RS's gets bounced off the
> director.

In the HOWTO I setup hostroutes for the realservers and they 
talk to each other bouncing off the director.


> In our low-volume environment, that's not a problem.  We're
> balancing for availability, not throughput.
>
> Does this all make sense?  Are you all cringing yet?  We didn't exactly
> plan this layout; it's just where we ended up after we'd fixed all the
> problems we encountered along the way.

sounds fine to me. I'll add it to the one-network NAT 
section sometime.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [lvs-users] ldirectord not stopping healthchecks after quiescent rs, Sebastian Vieira
Next by Date:  [lvs-users] RFC: Forking ldirecterd [PATCH], Ryan Castellucci
Previous by Thread:  Re: [lvs-users] Connecting directly to realservers in a one-network LVS-NAT, Ben Hollingsworth
Next by Thread:  Re: [lvs-users] Connecting directly to realservers in a one-network LVS-NAT, Joseph Mack NA3T
Indexes:  [Date] [Thread] [Top] [All Lists]