Gah, replying to own post...
On Thu, 2007-12-20 at 11:29 +0000, Graeme Fowler wrote:
> This *should* allow you, with some modifications, to sort out your
> problem and keep an active/active master/backup (by this I mean with
> IPVS loaded and configured on both directors).
This works perfectly where you have more than one interface and are
routing inter-director traffic via a "backend". In the case of a single
NIC on each box, you need a modified rule to NOT apply the mark value to
packets sourced from the "other" director:

1. On node1 create an iptables rule of the form:

    -t mangle -I PREROUTING -d $VIP -p tcp -m tcp --dport $VPORT -m mac \
      ! --mac-source $MAC_NODE2 -j MARK --set-mark 0x6

where $MAC_NODE2 is node2's MAC address as seen by node1. Do a similar
trick on node2:

    -t mangle -I PREROUTING -d $VIP -p tcp -m tcp --dport $VPORT -m mac \
      ! --mac-source $MAC_NODE1 -j MARK --set-mark 0x7

where $MAC_NODE1 is node1's MAC address as seen by node2.

2. Change your keepalived.conf so that it uses fwmarks.

node1:
    virtual_server fwmark 6 {

node2:
    virtual_server fwmark 7 {

Maybe I should write this up properly for Joe's HOWTO :)
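
Added example, not part of the original post: a small generator for steps 1 and 2 that always excludes the *peer* director's MAC (not the local one) and keeps the iptables mark and the keepalived fwmark in step. The function names and all address values are hypothetical, constructed sample values.

```shell
#!/bin/sh
# Added example: emit the mangle rule and keepalived header for one director.
# Every value below is a constructed sample, not taken from the post.
VIP=192.0.2.10
VPORT=80
MAC_NODE1=00:16:3e:00:00:01   # node1's MAC as seen by node2
MAC_NODE2=00:16:3e:00:00:02   # node2's MAC as seen by node1
MARK_NODE1=6
MARK_NODE2=7

# valid_mac MAC -> succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# director_config NODE -> prints the iptables command and the matching
# keepalived "virtual_server fwmark" line for NODE (node1 or node2).
director_config() {
    case "$1" in
        node1) peer_mac=$MAC_NODE2; mark=$MARK_NODE1 ;;
        node2) peer_mac=$MAC_NODE1; mark=$MARK_NODE2 ;;
        *) echo "unknown node: $1" >&2; return 1 ;;
    esac
    # A malformed MAC would make the exclusion useless, so refuse it.
    valid_mac "$peer_mac" || { echo "bad peer MAC: $peer_mac" >&2; return 1; }
    # The mark is kept as a decimal integer here and rendered as hex
    # for iptables, so both lines always carry the same value.
    case "$mark" in
        ''|*[!0-9]*) echo "mark must be a decimal integer" >&2; return 1 ;;
    esac
    printf 'iptables -t mangle -I PREROUTING -d %s -p tcp -m tcp --dport %s ' \
        "$VIP" "$VPORT"
    printf -- '-m mac ! --mac-source %s -j MARK --set-mark 0x%x\n' \
        "$peer_mac" "$mark"
    printf 'virtual_server fwmark %d {\n' "$mark"
}

# Print the configuration for both directors without applying anything.
for node in node1 node2; do
    echo "# $node"
    director_config "$node"
done
```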