
Re: [lvs-users] Another question while I'm at it about SSL termination o

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Another question while I'm at it about SSL termination on the director.
From: lists <lists@xxxxxxxxxxxxxxxx>
Date: Fri, 02 May 2008 11:16:52 +0100

Joseph,

Ah, found what I was after in the manual!
I assume that this patch has not been integrated into the current kernel 
though?


        12.2.2. Carlos Lozano's solution

Carlos Lozano /clozano (at) andago (dot) com/ 02 Jul 2004

We have a machine that must be both a client and director. The two 
problems to solve are

    * ipvs doesn't handle loopback packets
    * the return packets are handled by ip_vs_in, and not by ip_vs_out.

I have written an ip_vs_core.c.diff 
<http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/files/ip_vs_core.c.diff> 
patch for 2.4.26 using IPVS-NAT. It works correctly in my testcase. The 
schema is:

External client ---> IPVS:443 --> Local:443 ---> IPVS:80 ---> RealServer

Joseph Mack NA3T wrote:
> On Thu, 1 May 2008, lists wrote:
>
>   
>> At the moment I can do SSL termination with pound, then hand off locally
>> to HaProxy for cookie insertion and load balancing:
>> Pound -> HaProxy -> Real Servers
>> x.x.x.10:443 -> x.x.x.10:80 -> Real Servers
>>
>> But I'd like to do :
>> Pound -> LVS -> Real Servers
>> x.x.x.10:443 -> x.x.x.10:80 -> Real Servers
>>     
>
> VIP:443->VIP:80?
>
>   
>> But the Pound process on the director can't access Real servers via the
>> local LVS set up at x.x.x.10:80?
>>     
>
> hmm. I would have thought that Pound does this
>
> VIP:443->Pound->VIP:80
>
> At the moment I don't understand how the packets are doing
>
> x.x.x.10:443 -> x.x.x.10:80
>
> Independent of that, your posting indicates that a packet 
> dst_addr=VIP:80 arrives on the realserver. If you have 
> something listening on VIP:80, then you don't need to send 
> it back to the director for loadbalancing.
>
>   
>> Is this the local node problem?
>>     
>
> no
>
>   
>> I've tried in NAT and DR mode.
>> Is there any way I can get LVS to pick up a local request i.e. wget
>> x.x.x.10:80  (from local console) picks up data from a real server?
>>     
>
> How are you doing the local request? Do you want the above 
> wget request to go to the director? This isn't possible, as 
> you have the VIP on the realserver (you know all this).
>
> Joe
>
>   


