The client computer and the realserver are both on the same segment
connected to the director's eth1. (MOST client computers are on the
other side of the director on eth0.) The VS is configured on eth0 in
LVS-NAT mode. Clients on the "outside" connect through the director to
the RS fine. The one client on the inside cannot connect through the VS
on eth0. It just times out. I looked into this once before and it has to
do with icmp redirects, local routing, ARPs, and so on. Bottom line is
that the client's SYN packet gets redirected through LVS, but the
server's SYN-ACK goes straight to the client since they are both on the
same segment. The client ignores it because it comes from the wrong IP
address. You're right... the "newer implementations" comment was muddy
thinking.
--
Eric Robinson
-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Joseph
Mack NA3T
Sent: Wednesday, March 11, 2009 4:43 AM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: [lvs-users] Do newer LVS implementations allow hairpinning?
On Tue, 10 Mar 2009, Robinson, Eric wrote:
> Do newer LVS implementations allow hairpinning requests back out the
> same interface they arrived on? In other words, if my load balancer
> has virtual services listening on its eth0, and the realservers are on
> eth1, is it possible for a client computer on eth1
a client computer can be attached to any NIC on the director.
> to connect to the VS on eth0 and be redirected back to one of the RS's
> on eth1?
Provided you haven't done something to block the routing, it should
work. I don't know what "newer LVS implementations"
has to do with this
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot)
net - azimuthal equidistant map generator at
http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's
GNU/Linux!
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Disclaimer - March 12, 2009
This email and any files transmitted with it are confidential and intended
solely for LinuxVirtualServer.org users mailing list.. If you are not the named
addressee you should not disseminate, distribute, copy or alter this email. Any
views or opinions presented in this email are solely those of the author and
might not represent those of . Warning: Although has taken reasonable
precautions to ensure no viruses are present in this email, the company cannot
accept responsibility for any loss or damage arising from the use of this email
or attachments.
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|