[lvs-users] problem with setting up a balancer with targets in same subn

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] problem with setting up a balancer with targets in same subnet as its front
From: dpecka <dpecka@xxxxxxxxxxxxxxx>
Date: Wed, 17 Feb 2010 10:24:25 +0100

hi ip_vs* developers ..

i am new to this mailing list and i'd just like to say first, that
linuxvirtualserver.org is an awesome project ..
but back to business now.


i am setting up a load balancer for some services and have no problem
with configuration when balancing between two different subnets,
but i am utterly unable to set it up if i want to balance in just one
subnet ..

my common sense says to me, that for one subnet i should use a SNAT, but
it completely omits the snat POSTROUTING rules and balanced
packets come to the targets with original client ip address ..

i have the following configuration:

# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.60.252:ldap rr persistent 360
  -> 192.168.100.11:ldap          Masq    1      0          0
  -> 192.168.100.12:ldap          Masq    1      0          0
TCP  192.168.60.252:http rr persistent 360
  -> 192.168.60.78:http           Masq    1      0          1


^^ ldap works for me fine. Weird is, that i am using -m (masquerade)
method even though i have completely no masquerade for *:ldap service ..
it's not working with default gateway method .. but it doesn't hurt since
it works fine for me ..

*:http service simply does not work with snat with this rule:
iptables -t nat -I POSTROUTING -p tcp -d 192.168.60.78 --dport 80 -j SNAT --to-source 192.168.60.252

which can be listed using this:
# iptables -t nat -L | sed '/POSTROU/,/^$/!d'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  anywhere             192.168.60.78       tcp dpt:http to:192.168.60.252

.. but anyway this rule is completely omitted and snoop on target server
shows:
# snoop -d vnet1 port 80
Using device vnet1 (promiscuous mode)
192.168.60.201 -> 192.168.60.78 HTTP C port=51620
192.168.60.78 -> 192.168.60.201 HTTP R port=51620
192.168.60.201 -> 192.168.60.78 HTTP C port=51620

.. which indicates, that target server tries to reply to client without
using snat on balancer .. 

any help or suggestion will be very appreciated .. thanks and regards
ave, daniel
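
The check done by eye on the snoop capture above, as an added example that is not part of the original post: it reads the `ipvsadm` table and a capture taken on a real server, and reports requests whose source address is not the virtual IP. The function names and the /24 prefix are assumptions; the post does not state the netmask.

```python
import ipaddress
import re

# Constructed from the ipvsadm and snoop output quoted in the post.
IPVSADM = """\
TCP  192.168.60.252:ldap rr persistent 360
  -> 192.168.100.11:ldap          Masq    1      0          0
  -> 192.168.100.12:ldap          Masq    1      0          0
TCP  192.168.60.252:http rr persistent 360
  -> 192.168.60.78:http           Masq    1      0          1
"""
SNOOP = """\
192.168.60.201 -> 192.168.60.78 HTTP C port=51620
192.168.60.78 -> 192.168.60.201 HTTP R port=51620
192.168.60.201 -> 192.168.60.78 HTTP C port=51620
"""
PREFIX = 24  # assumption: the post does not state the netmask


def masq_real_servers(ipvsadm_text):
    """Map each Masq real server IP to the virtual IP it is served behind."""
    servers, vip = {}, None
    for line in ipvsadm_text.splitlines():
        svc = re.match(r"(?:TCP|UDP)\s+([\d.]+):\S+", line)
        dest = re.match(r"\s*->\s+([\d.]+):\S+\s+(\S+)", line)
        if svc:
            vip = svc.group(1)
        elif dest and vip and dest.group(2) == "Masq":
            servers[dest.group(1)] = vip
    return servers


def untranslated_flows(ipvsadm_text, snoop_text, prefix=PREFIX):
    """Return (client, real_server, same_subnet) for requests seen at a real
    server whose source is not the VIP, i.e. no SNAT happened on the way."""
    servers = masq_real_servers(ipvsadm_text)
    found = set()
    for line in snoop_text.splitlines():
        m = re.match(r"([\d.]+) -> ([\d.]+) ", line)
        if not m or m.group(2) not in servers:
            continue  # not a request towards a real server
        src, dst = m.groups()
        if src != servers[dst]:
            net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
            found.add((src, dst, ipaddress.ip_address(src) in net))
    return sorted(found)
```

A `same_subnet` value of `True` means the real server can answer that client on-link, so the reply does not pass back through the balancer.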

