> All,
>
>
> Let's say hypothetically I have a director with two vips. The vips
> represent different services, different areas of responsibility, etc.
> This isn't my actual case, but as an example, they could be a front-end
> web-server and a back-end database server. But one director for both
> sets of realservers.
>
>
> For this simple example, let's say that I currently only have one
> realserver for each virtual-server/vip.
>
>
>
> I'm doing LVS/NAT. I would like to have the web-server connect to the
> vip representing the database virtual server and have the connection
> work. I'm also doing an SNAT rule for each virtual server on the
> director to ensure that outbound traffic from the realservers appears to
> come from the vip of the virtualserver.
>
> It doesn't work of course. Or I wouldn't be asking - how can I make
> this work? Ideally, if I could do a PREROUTING SNAT rule, I think I
> could make it work, but iptables says 'no' to that. I'm wondering if I
> could do some kind of SNAT POSTROUTING rule on the realservers to do
> something special, or if there is a better/different way.
Use different subnets for the different classes of real servers.

Ex:

Data rail: 10.0.1.0/24
Web rail: 10.0.2.0/24

Data server:
* IP 10.0.1.2/24

Web server:
* IP 10.0.2.2/24

Director:
* IP 10.0.1.1/24
* IP 10.0.2.1/24
* VIP 10.0.3.10/24 Data
* VIP 10.0.3.11/24 Web (or the public IP if ipvs is the firewall as well)

# Data virtual service on its VIP, masqueraded (-m) to the data real server
ipvsadm -A -t 10.0.3.10:3306 -s wlc
ipvsadm -a -t 10.0.3.10:3306 -r 10.0.1.2:3306 -m -w 100
# Web virtual service on its VIP, masqueraded (-m) to the web real server
ipvsadm -A -t 10.0.3.11:80 -s wlc
ipvsadm -a -t 10.0.3.11:80 -r 10.0.2.2:80 -m -w 100

No need to NAT/SNAT at this point.
>
>
> As an analog to LVS, I set up for individual realservers and two vips a
> pair of symmetric SNAT/DNAT rules for each realserver, and then was able
> to make this work. I'm not sure where in the packet-processing stream
> for outbound packets LVS picks the packets back up, or if it does at all.
>
>
> So, does my question make sense? I would like realservers for one vip
> to make connections to the vip of another virtual server on the same
> director. Anyone know how?
>
> Fred Clift
>
>
> --
> Fred Clift
> MCS Team Architect
> 801-437-7471
> Verio, and NTT Communications Company
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
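
Added example, not part of either poster's message: a small Python check of why the separate-subnet layout in the reply works for LVS/NAT. It assumes each real server uses the director's address on its own subnet as default gateway; the function names and the flat-network test client 10.0.1.3 are constructed for illustration.

```python
import ipaddress

# Constructed topology mirroring the addresses given in the reply.
DIRECTOR_IPS = ["10.0.1.1/24", "10.0.2.1/24"]
SERVICES = {
    "10.0.3.10:3306": ["10.0.1.2/24"],  # data VIP -> data real server
    "10.0.3.11:80": ["10.0.2.2/24"],    # web VIP -> web real server
}

def reply_path(client, real_server, director_ips):
    """Where does the real server's reply to `client` go first?

    'direct' means the client is on-link for the real server, so the
    reply bypasses the director and is never rewritten back to the VIP.
    Otherwise return the director address acting as gateway (assumed to
    be the real server's default route), or None if there is none.
    """
    client_if = ipaddress.ip_interface(client)
    rs_if = ipaddress.ip_interface(real_server)
    if client_if.ip in rs_if.network:
        return "direct"
    for d in director_ips:
        d_if = ipaddress.ip_interface(d)
        if d_if.network == rs_if.network:
            return str(d_if.ip)
    return None

def check(client, vip, services, director_ips):
    """Return a list of return-path problems for client -> vip."""
    problems = []
    for rs in services[vip]:
        path = reply_path(client, rs, director_ips)
        if path == "direct":
            problems.append(f"{rs} is on-link for {client}: reply skips the director")
        elif path is None:
            problems.append(f"{rs} has no director interface on its subnet")
    return problems

if __name__ == "__main__":
    # Web real server connecting to the data VIP (layout from the reply).
    print(check("10.0.2.2/24", "10.0.3.10:3306", SERVICES, DIRECTOR_IPS))
    # Constructed counter-case: a client on the data subnet itself.
    print(check("10.0.1.3/24", "10.0.3.10:3306", SERVICES, DIRECTOR_IPS))
```
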