David,

One obvious way to solve this is to do NAT on the inside load balancer
(LVS-NAT).
If you configured it this way, then return traffic would always go to
the correct load balancer. Perhaps it is a bit ham-fisted, but it is
quick and simple to build.

Ryan

On Fri, 2006-07-07 at 09:06 -0700, David Lang wrote:
> On Fri, 7 Jul 2006, Joseph Mack NA3T wrote:
>
> > On Thu, 6 Jul 2006, David Lang wrote:
> >
> >> I have been digging in the list archives for the last hour without finding
> >> the answer so I'm asking directly.
> >>
> >> in 2001 this post
> >> http://archive.linuxvirtualserver.org/html/lvs-users/2001-01/msg00322.html
> >
> > I just reread this post. I don't understand why all the firewalls are where
> > they are (are they just there and you have to fit in with the pre-existing
> > system, or is this optimal for a setup whose purpose I don't understand).
> > As well the poster doesn't seem to understand the packet flow of LVS (or I
> > don't understand his posting). With this as input to the mailing list, he's
> > guaranteed an answer of "no".
> >
> >> I'm not finding it in the several hundred posts that I've read that google
> >> found for me in the list archives, could someone point out where to find
> >> the information? (this would be a good addition to the wiki for the
> >> examples page as well)
> >
> > How about a description of your system and an explanation of why the
> > firewalls aren't transparent,
>
> the firewalls are transparent, they are just packet filters (think iptables
> firewalls). there is no NAT taking place anywhere.
>
> the issue I don't think you are understanding is that we aren't trying to
> load balance the servers behind the firewalls, we are trying to load balance
> the firewalls themselves
>
> so you have
>
>              Internet
>        |                   |
>     switch--------------switch
>        |                   |
>  load balancer       load balancer
>        |                   |
>     switch--------------switch
>        |                   |
>     firewall            firewall
>        |                   |
>     switch--------------switch
>        |                   |
>  load balancer       load balancer
>        |                   |
>     switch--------------switch
>        | | | | | | | | | | |
>               servers
>
>
> the servers themselves are NOT load balanced (at least for the purposes of
> these discussions, any load balancing that they have is done by separate
> equipment)
>
> the outside load balancers need to make a decision on which firewall to send
> the traffic through
>
> the packets are sent through that firewall, and then go to the load balancer
> on the inside which routes them to the server, the server responds and the
> outbound traffic hits the inside load balancer, it needs to send the response
> packets back to the same firewall that the inbound packets came through or
> the firewall will reject them
>
> does this clarify things?
>
> I had thought that the original post that I referenced described the problem
> fairly well which is why I didn't go through everything again in my post.
>
> David Lang
>
> >> P.S. count this as a vote against having a subscribers-only list. I almost
> >> decided it wasn't worth it and didn't subscribe to send this message. the
> >> last thing I need is yet another mailing list filling my inbox when I just
> >> need a simple answer
> >
> > Subscribing to a mailing list for what you hope is a simple answer to a
> > simple question is a real pain indeed. However if you've searched several
> > hundred postings and not found an answer, you can only conclude that the
> > problem is trivial or hasn't been solved. You should be prepared for a
> > complicated answer. You say what you don't want, but you don't give us any
> > information about what would work for you. We're happy to help, but we
> > can't do anything with a statement like this.
>
> given that the response to the later post was a simple 'yes we can do it,
> search the archives' I expected the response to be a simple 'here it is' or
> something like that.
>
> > Joe
> >
> >
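Added example, not part of the original thread: a small simulation of the firewall sandwich described above, showing why replies are rejected when the inside load balancer picks a firewall independently of the inbound path. The per-flow table on the inside balancer, the last-octet scheduler and all names and addresses are assumptions made for illustration, not LVS behaviour or configuration.

```python
from itertools import cycle

class Firewall:
    """Stateful packet filter: passes a reply only for a flow it admitted."""
    def __init__(self, name):
        self.name = name
        self.admitted = set()

    def inbound(self, flow):
        self.admitted.add(flow)

    def outbound(self, flow):
        return flow in self.admitted

class InsideBalancer:
    """Picks the firewall that carries a server's reply back out."""
    def __init__(self, firewalls, sticky):
        self.sticky = sticky
        self.ingress = {}              # flow -> firewall the request came through
        self.round_robin = cycle(firewalls)

    def request(self, flow, via):
        self.ingress[flow] = via

    def reply_path(self, flow):
        return self.ingress[flow] if self.sticky else next(self.round_robin)

def outside_pick(firewalls, client):
    # Stand-in for the outside balancer's scheduler: parity of the last octet.
    return firewalls[int(client.rsplit(".", 1)[1]) % len(firewalls)]

def simulate(sticky, clients):
    """Return (replies passed, replies rejected) across both firewalls."""
    firewalls = [Firewall("fw-a"), Firewall("fw-b")]
    inside = InsideBalancer(firewalls, sticky)
    passed = rejected = 0
    for client in clients:
        flow = (client, "server-1")
        fw_in = outside_pick(firewalls, client)
        fw_in.inbound(flow)
        inside.request(flow, fw_in)
        if inside.reply_path(flow).outbound(flow):
            passed += 1
        else:
            rejected += 1
    return passed, rejected

CLIENTS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]  # constructed

if __name__ == "__main__":
    print("independent choice:", simulate(False, CLIENTS))
    print("per-flow stickiness:", simulate(True, CLIENTS))
```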