Solutions are:
1. Change host entry for services to other realserver.
Negative:
Problem is if you have a lot of services with different DNS names and
you have to insert every new service in every realserver (or make
a little DNS server in the realserver-net), but it isn't
nice.
2. Julian's solution removes the local routing (as done for one network
LVS-NAT
<http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#one_network>)
and forces every packet to pass through the director. The director
therefore masquerades (rewrites) src_addr=RIP_2 to VIP and realserver_1
accepts the request. This puts extra netload onto the director.
           +-------------+
           |    <vip>    |
           |  director   |
           +-------------+
            |^         |^
         ans||      req||ans
            v|req      v|
+-------------+       +-------------+
|   <rip1>    |       |   <rip2>    |
| Realserver  |       | Realserver  |
|  = client   |       |  = server   |
+-------------+       +-------------+
Look at:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.lvs_clients_on_realservers.html
and
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.lvs_clients_on_realservers.html
Negative:
- All traffic goes over the load balancer (director)
- every backup
- every rsync
- every ssh, scp
- I couldn't log on via SSH from one realserver to another. I must insert this
with an internal service on the director.
3. Make NAT on realserver:
Look at:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.lvs_clients_on_realservers.html
Jacob's solution:
The solution proposed here does not put that extra load onto the director.
However each realserver always contacts itself (which isn't a problem).
Put the following entry into each realserver.
Now the realservers can access the httpd on RIP as if it were on VIP.
realserver# iptables -t nat -A OUTPUT -p tcp -d $VIP --dport 80 -j DNAT --to ${RIP}:80
Negative:
- The logic of the load balancer (director) you insert in the realserver
- you must do it for every service and
- for every different ip
4. It is not possible to insert an iptables rule on the director, "all traffic from
the realserver-net --> (to) the realserver-net (from one
realserver to another realserver)", so that this traffic receives a NAT URL,
then the traffic goes back from realserver-2 to the director and
then to realserver-1:
Like that:
IPTABLES: -A POSTROUTING (or PREROUTING??) -s 192.168.0.0/255.255.255.0 -p tcp -j SNAT --to-source 192.168.200.5
           +-------------+
           |    <vip>    |  192.168.200.15 (service meteo.example.com)
           |  director   |  192.168.200.5 (virtual IP)
           +-------------+
            |^         |^
         ans||      req||ans
            v|req      v|
+-------------+       +-------------+
|   <rip1>    |       |   <rip2>    |
| Realserver  |       | Realserver  |
|  = client   |       |  = server   |
 192.168.0.10          192.168.0.20
Negative:
- nothing (or I can't find it)
Positive:
- only one entry to change the settings
- only the VIP traffic goes from realserver-1<--> VIP<---> realserver-2
Regards,
Markus
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
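
Added example, not part of the post above or of the LVS HOWTO: solution 3 needs one OUTPUT-chain DNAT rule per service and per VIP on every realserver, so this sketch generates those rules from a single table and validates each entry before it can reach a root shell. `RIP`, `SERVICES` and the function names are assumptions, the addresses are constructed sample values, and the rule uses the documented `--to-destination` option.

```sh
# Added example, not from the original post: emit solution 3's OUTPUT-chain
# DNAT rule for every service. RIP and SERVICES are constructed sample values.
RIP="192.168.0.10"   # this realserver's own address
SERVICES="192.168.200.5 tcp 80
192.168.200.5 tcp 443
192.168.200.15 tcp 80"   # one "VIP proto port" entry per line

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# dnat_rule VIP PROTO PORT: print one iptables command. Anything that is not
# a plain address, tcp/udp and a port number is rejected, so a malformed
# table line cannot smuggle extra arguments into a command run as root.
dnat_rule() {
    is_ipv4 "$1" || { echo "bad VIP: $1" >&2; return 1; }
    case "$2" in tcp|udp) ;; *) echo "bad protocol: $2" >&2; return 1 ;; esac
    case "$3" in ''|*[!0-9]*) echo "bad port: $3" >&2; return 1 ;; esac
    { [ "$3" -ge 1 ] && [ "$3" -le 65535 ]; } 2>/dev/null ||
        { echo "bad port: $3" >&2; return 1; }
    echo "iptables -t nat -A OUTPUT -p $2 -d $1 --dport $3" \
         "-j DNAT --to-destination $RIP:$3"
}

# gen_rules: read table lines on stdin, print one command per valid entry;
# the return status is non-zero if any entry was rejected.
gen_rules() {
    rc=0
    while read -r vip proto port; do
        [ -n "$vip" ] || continue
        dnat_rule "$vip" "$proto" "$port" || rc=1
    done
    return "$rc"
}

# Dry run: prints the commands for review; nothing is applied here.
printf '%s\n' "$SERVICES" | gen_rules
```

The script only prints commands; the same table can be shipped to every realserver with only `RIP` changed.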