
Re: [lvs-users] Redhat init script problem with realservers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Redhat init script problem with realservers
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Fri, 05 Sep 2008 09:29:28 +0100
On Thu, 2008-09-04 at 17:43 -0500, David Dyer-Bennet wrote:
> After taking Xen out of the picture on the LVS node, and a failing attempt
> to use the "configure" script, setting up via piranha following the Redhat
> instructions sort of worked.  I get connections to one realserver or the
> other, and other connections hang.

Aha, you may be better off asking the Piranha-related questions on the
relevant Redhat mailing list(s):

https://www.redhat.com/mailman/listinfo/piranha-list
https://www.redhat.com/mailman/listinfo/linux-cluster

> None of the realservers can ping out.  Is this normal?  I'm using the NAT
> setup, partly because I thought it would allow the realservers to connect
> out (normal NAT setups that I'm familiar with support outward
> connections!).  Once I get past basic testing, the applications on the
> realservers will have to connect to databases and things which aren't of
> course on the private network.  Also the realservers currently have an
> interface directly connected to the outside network; shouldn't *that*
> provide outside connectivity?  Or is it the source of my problems?  Do the
> realservers *have to* be totally isolated behind the LVS nodes?

On the realservers, the default route *must* be via the notional
"inside" interface of the director for LVS-NAT to work. If the default
route goes a different way, then the traffic returning to the client is
not un-NATted correctly and may result in a hung connection.

There is an exception, however: if the clients come from a small, known,
pool of addresses (which may apply in your case) then there must be a
route back from the clients to that network range (or those ranges) via
the director so that un-NATting can happen. Other traffic - such as that
sourced from the realserver for example for OS updates - can go
whichever way you want it to, and in fact I normally make it my practice
to ensure that the traffic emanating from the realservers for this type
of operation doesn't appear to come from the VIP anyway.

In summary: for NAT to work, traffic back to clients must go via the
director.

Graeme
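
The routing rule in the reply above can be checked against a realserver's routing table. This is an added example, not part of the original message: the addresses, interface names, routing tables and function names are constructed for illustration, and a single routing table with no policy routing is assumed.

```python
import ipaddress

DIRECTOR_INSIDE = "10.0.0.1"   # assumed "inside" address of the director

# Constructed `ip route show` output from a realserver with two interfaces.
BROKEN = """
default via 192.0.2.1 dev eth1
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.11
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.11
"""
# Default route through the director: every reply is un-NATted.
VIA_DIRECTOR = """
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.11
"""
# The exception: only the known client pool is routed through the director.
KNOWN_POOL = BROKEN + "198.51.100.0/24 via 10.0.0.1 dev eth0\n"

def parse_routes(text):
    """Turn `ip route show` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((ipaddress.ip_network(dest, strict=False), gw, dev))
    return routes

def next_hop(routes, dest_ip):
    """Longest-prefix match, as the kernel does within one routing table."""
    addr = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def returns_via_director(table_text, client_ip, director=DIRECTOR_INSIDE):
    """True if replies to client_ip leave the realserver via the director."""
    hop = next_hop(parse_routes(table_text), client_ip)
    return hop is not None and hop[1] == director

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("via director", VIA_DIRECTOR),
                        ("known pool", KNOWN_POOL)):
        for client in ("198.51.100.7", "203.0.113.9"):
            print(name, client, returns_via_director(table, client))
```

With the `KNOWN_POOL` table, replies to 198.51.100.7 pass through the director while traffic to 203.0.113.9 leaves directly through eth1, which matches the split described for client replies versus realserver-originated traffic.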


