LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] lvs-nat directly connect real server

from [Joseph Mack NA3T] [Permanent Link]
To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] lvs-nat directly connect real server
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Wed, 12 Dec 2007 07:42:24 -0800 (PST) 
On Wed, 12 Dec 2007, Jason Ledford wrote:

> Let me try again, sorry.
>
> One network, one nic, lvs-nat setup.  And the director and 
> real servers are in the same subnet (all ips start with 
> the same 3 octets), for example vip=10.37.2.9, 
> dip=10.37.2.6, rip1=10.37.2.51, rip2=10.37.2.52.  Lvs 
> works just fine outside of that subnet (when the first 3 
> octets of the ip differ from the dip, rip, vip), for 
> example, CIP=10.12.1.100.

I assume you've read the one-network LVS-NAT writeup


> I am trying to load balance the smtp service running on 
> RIP's 10.37.2.51 and 10.37.2.52.  These servers have other 
> things I need to get to without being load balanced, like 
> the web based configuration for each real server and ssh. 
> But I can only connect to those services when in the same 
> subnet as the RIP, 10.37.2.XX, I can't connect when in a 
> different subnet from the RIP, like when I am connecting 
> to the RIP from CIP and connecting to port 22, tcpdump 
> shows me I have reached the server but the connection 
> never makes it back to my client.

one-network LVS-NAT rearranges the routing, which might be 
responsible for this. In general, for security, LVS is 
designed so that the outside world doesn't see the 
realservers. You could do the LVS-NAT setup, changing the 
routing for only the port being LVS'ed, rather than all 
ports, although this will be a bit of work.

> It seems like (and I am 
> no network guru) that when on the CIP I connect to my 
> local gateway and get passed to the 10.37.2.XX subnet and 
> then to my RIP, my RIP then tries to talk back to me thru 
> my DIP and half of my connection is going thru the DIP and 
> the other half is going directly thru the switch and the 
> connection stalls (I could be completely wrong though).

you'd have to make the DIP the default gw only for packets 
with the port being LVS'ed. There's example code to show how 
to route by port in my lvs-configure script.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [lvs-users] lvs-nat directly connect real server, Jason Ledford
Next by Date:  Re: [lvs-users] recommendations on stonith?, Dan Yocum
Previous by Thread:  Re: [lvs-users] lvs-nat directly connect real server, Jason Ledford
Next by Thread:  [lvs-users] LVS Uses, Bryan Richardson
Indexes:  [Date] [Thread] [Top] [All Lists]