|
On Fri, 2008-03-07 at 12:20 +0530, hirantha wrote:
> Basically I don't administrate the firewalls, routers on the realserver
> resides ISP. I think this is obvious --
> most of people doesn't have network control on the ISP. But I can tell them
> the situation. I would like to know what
> would be on firewalls and routers to be eligible to establish lvs-tun. What
> should I tell them..?
The people administering the networks that the realservers live on need
to allow egress (outbound) traffic from the VIP for LVS-TUN to work.
Using TUN, the realservers reply directly to the clients:
http://www.linuxvirtualserver.org/VS-IPTunneling.html
If you have realservers on networks controlled by different providers,
they probably won't advertise the VIP to their peers or permit traffic
from the VIP to leave their network, especially if their upstreams apply
filters to the announcements they receive. It would be seen as a form of
spoofing.
You can ask them to, but I suspect the answer will be no.
Graeme
|
