Ok. So I have gone down this path a bit further. Here is where
everything stands.
From my load balancer I can use nc and connect to udp port 500 on my
ipsec termination server. Here is my lvs config for the ipsec server
behind the load balancer.
virtual ipsec {
    active = 1
    address = 192.168.1.10 eth0:7
    vip_nmask = 255.255.255.0
    fwmark = 86
    port = 500
    persistent = 300
    use_regex = 0
    load_monitor = none
    scheduler = sh
    protocol = udp
    timeout = 5
    reentry = 0
    quiesce_server = 0
    server ipsectest {
        address = 192.168.2.10
        active = 1
        weight = 1
    }
}
In the logs I am seeing
nanny[11139]: READ to 192.168.2.10:500 timed out
so it looks like the nanny process doesn't realize that port 500 is open.
Any ideas or suggestions?
On 02/27/2013 02:36 PM, Steve Madel wrote:
> I am trying to figure out a way to use lvs to load balance ipsec
> connections. I already have other services running smoothly on lvs
> (HTTP, HTTPS), but can't find anything about load balancing ipsec
> connections. Any ideas?
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users