|
On Thu, 2009-02-12 at 18:06 -0800, Praveen Sooryanarayana wrote:
> Yes, it's on the real servers. And the LVS also works fine.
But...
> Also, if I send requests to <Virtual ip>:8080, everything works fine.
Your original message says:
> Output of ipvsadm -L -n:
>
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 10.10.50.100:8080 rr
> -> 10.10.50.11:8080 Route 1 0 0
> -> 10.10.50.12:8080 Local 1 0 0
...and...
> iptables -t nat -A PREROUTING -p tcp -d 10.10.50.100 --dport 80 -j
> DNAT --to 10.10.50.100:8080
Taken together, this implies that the rule is running on the *director*
and not on the realservers such that an incoming packet to the VIP hits
the director on port 80, gets mapped to 8080 and then load balanced
(this is what you want, isn't it?).
It won't work on a number of counts:
1. netfilter and ipvs hook packets in different places in the traffic
flow. It's rarely possible to mangle a packet with DNAT and then get
ipvs to pick it up, because the packet has already traversed the ipvs
hook and been missed [Joe, remind me sometime to work up that packet
flow diagram].
2. You're using gate, or LVS-DR. This means the realservers respond
directly to the clients - and if they're responding from port 8080, the
responses will be ignored by the clients as they expect a response from
port 80.
I'd say that in this case, although it increases the complexity a bit,
you'd be better off making Tomcat listen on port 80 or make use of
Apache's mod_jk to hook Apache on port 80 and Tomcat on 8080 together.
Graeme
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
