On Fri, Jul 02, 2010 at 09:48:20AM +0200, Anders Franzen wrote:
>
>
> On Thu, 2010-07-01 at 16:05 +0200, Kristoffer Egefelt wrote:
> > Hi list
> > I've been working around this issue for years using split DNS, DNAT
> > rules which bypasses LVS etc. - now I really need this to work the
> > "correct" way, ie. realservers can connect to VIP's the exact same way
> > internet clients can.
> >
> > While Graeme Fowler's solution at:
> >
> > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.lvs_clients_on_realservers.html#do_you_need_lvs_clients_on_the_realserver
> >
> > from 2005 probably works, it still seems (to me anyway ;) that this is
> > a bit long-winded when dealing with a lot of realservers and VIP's.
> >
> > If anybody have found a better / easier solution, or can recommend
> > which solution would be the best, I would be very interested.
> > All kinds of solutions will be appreciated, including buying more
> > interfaces, even lvs servers etc...
> >
> > Thanks :-)
I wonder if using Full NAT support, which I am trying to get merged, is an
answer to this.
http://archive.linuxvirtualserver.org/html/lvs-devel/2010-05/msg00000.html
> I also have a problem with this, and doing it in a generic way, without
> messing to much with the real-servers.
>
> I've seen somewhere that removing the VIP ownership from the LB and
> using FW-mark to throw traffic at the LVS might help.
>
> I also think that LVS should be network name space aware, since that
> would be one way of separating the realserver and LVS, this would help
> when running realservers on the director so its not for your case.
That does sound like it is worth investigating furhter.
> And when I'm still on it, anybody know's why Julians send2self patch
> never made it into the kernel. It is configurable per device so it
> should not do any harm.
>
> I'm using it myself, but a tweeked it a bit inorder to be able to send
> messages out on the interface owning the dest address instead of going
> to loopback.
>
> Very useful if you want to have a centralized Firewalling and dont want
> traffic between co-located applications bypass the fw.
I believe a similar feature by Patrick McHardy was recently merged,
though I can't remember the details at this moment.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|