[lvs-users] vip-to-vip connection between two sets of realservers with o

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] vip-to-vip connection between two sets of realservers with one director?
From: "Fred Clift" <fclift@xxxxxxxxx>
Date: Wed, 21 Apr 2010 17:09:52 -0600

Let's say hypothetically I have a director with two vips.  The vips 
represent different services, different areas of responsibility, etc. 
This isn't my actual case, but as an example, they could be a front-end 
web-server and a back-end database server.  But one director for both 
sets of realservers.

For this simple example, let's say that I currently only have one 
realserver for each virtual-server/vip.

I'm doing LVS/NAT.  I would like to have the web-server connect to the 
vip representing the database virtual server and have the connection 
work.  I'm also doing an SNAT rule for each virtual server on the 
director to ensure that outbound traffic from the realservers appears to 
come from the vip of the virtualserver.

It doesn't work of course.  Or I wouldn't be asking - how can I make 
this work?  Ideally, if I could do a PREROUTING SNAT rule, I think I 
could make it work, but iptables says 'no' to that.  I'm wondering if I 
could do some kind of SNAT POSTROUTING rule on the realservers to do 
something special, or if there is a better/different way.

As an analog to LVS, I set up for individual realservers and two vips a 
pair of symmetric SNAT/DNAT rules for each realserver, and then was able 
to make this work.   I'm not sure where in the packet-processing stream 
for outbound packets LVS picks the packets back up, or if it does at all.

So, does my question make sense?  I would like realservers for one vip 
to make connections to the vip of another virtual server on the same 
director.  Anyone know how?

Fred Clift

Fred Clift
MCS Team Architect
Verio, and NTT Communications Company
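
An added example, not part of the original message: a small Python model of the address rewriting in the topology described above, assuming (the post does not say this) that both realservers sit on one segment behind the director. It compares the reply the web realserver sees with plain destination rewriting against the case where the director also rewrites the source on the way in, which is the effect the post hopes for from a PREROUTING SNAT. All addresses and names are constructed.

```python
from dataclasses import dataclass

# Constructed addresses; none of them come from the original post.
VIP_WEB, VIP_DB = "192.0.2.10", "192.0.2.20"
RIP_WEB, RIP_DB = "10.0.0.11", "10.0.0.12"
DIP = "10.0.0.1"  # director's address on the realserver network (assumed)
VIRTUAL_SERVERS = {VIP_WEB: RIP_WEB, VIP_DB: RIP_DB}  # one realserver per VIP

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Director:
    """NAT director model: rewrites dst VIP -> RIP and reverses it on replies."""
    def __init__(self, rewrite_source=False):
        self.rewrite_source = rewrite_source
        self.conns = {}  # (reply src, reply dst) -> (vip, original client)

    def inbound(self, pkt):
        rip = VIRTUAL_SERVERS[pkt.dst]
        src = DIP if self.rewrite_source else pkt.src
        self.conns[(rip, src)] = (pkt.dst, pkt.src)
        return Packet(src, rip)

    def outbound(self, pkt):
        vip, client = self.conns[(pkt.src, pkt.dst)]
        return Packet(vip, client)

def connect(director, client, vip):
    """Return the reply packet as the connecting host finally sees it."""
    at_server = director.inbound(Packet(client, vip))
    reply = Packet(at_server.dst, at_server.src)
    # Assumption: a reply addressed to another realserver is delivered on the
    # shared segment and never passes back through the director.
    if reply.dst in VIRTUAL_SERVERS.values():
        return reply
    return director.outbound(reply)

def accepted(client, vip, reply):
    """The client only matches a reply whose source is the address it dialled."""
    return reply == Packet(vip, client)

if __name__ == "__main__":
    for flag in (False, True):
        reply = connect(Director(rewrite_source=flag), RIP_WEB, VIP_DB)
        print(f"rewrite_source={flag}: reply {reply.src} -> {reply.dst}, "
              f"accepted={accepted(RIP_WEB, VIP_DB, reply)}")
```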

