Re: [lvs-users] LVS Source NAT question: address pool?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS Source NAT question: address pool?
Cc: Patrick Schaaf <netdev@xxxxxx>
From: "George B." <georgeb@xxxxxxxxx>
Date: Thu, 10 Mar 2011 13:14:22 -0800
Thanks for the response, Patrick.

What I have in mind to do is rather unconventional and I wasn't sure how the
lvs rules interact with iptables ... does the traffic hit the LVS rules
first or iptables rules?  That sort of thing.

The idea will be to have a virtual IP and to load balance the traffic on one
port of that IP address to a server farm.  All other traffic to that IP
would be forwarded to another load balancer. Looking in the docs at such
commands as this:

ippfvsadm -A -t 202.103.106.5:21 -R 172.16.0.3:21



It seemed like the ippfvsadm rule looks suspiciously like iptables and I was
wondering if it replaced iptables or exactly where it fits in from the
perspective of traffic flow.

So basically, I need to:

1. Load balance traffic on 192.0.2.1 port 1234
2. Destination NAT all other traffic on 192.0.2.1 to 192.0.2.2 and forward
it
3. SNAT load balanced traffic to real servers because >65,000 connections.

So it looks like I have my work cut out for me for a while.



On Thu, Mar 10, 2011 at 1:01 AM, Patrick Schaaf <netdev@xxxxxx> wrote:

>
>
> The source NAT would be iptables' job. Sidestepping the question of
> iptables SNAT working with LVS connections, which is a general topic by
> itself, such "address pooling" can be done by making several iptables
> rules in the nat POSTROUTING chain, each of them matching by some
> criteria a subset of all traffic.
>
> I use both of the following schemes, in an outbound (non-LVS) scenario,
> the first one where I want a real source to always be represented by a
> fixed specific changed source address, the second one where I want even
> a single source to use several outgoing source addresses randomly, per
> connection:
>
> By source IP address, four-way, looking at the last two bits of the real
> source:
>
> -A POSTROUTING -s 0.0.0.0/0.0.0.3 -j SNAT --to-source 1.2.3.1
> -A POSTROUTING -s 0.0.0.1/0.0.0.3 -j SNAT --to-source 1.2.3.2
> -A POSTROUTING -s 0.0.0.2/0.0.0.3 -j SNAT --to-source 1.2.3.3
> -A POSTROUTING -s 0.0.0.3/0.0.0.3 -j SNAT --to-source 1.2.3.4
>
> By IP Id, eight way
>
> -A POSTROUTING -m u32 --u32 0x2&7=0x0 -j SNAT --to-source 1.2.4.1
> -A POSTROUTING -m u32 --u32 0x2&7=0x1 -j SNAT --to-source 1.2.4.2
> -A POSTROUTING -m u32 --u32 0x2&7=0x2 -j SNAT --to-source 1.2.4.3
> -A POSTROUTING -m u32 --u32 0x2&7=0x3 -j SNAT --to-source 1.2.4.4
> -A POSTROUTING -m u32 --u32 0x2&7=0x4 -j SNAT --to-source 1.2.4.5
> -A POSTROUTING -m u32 --u32 0x2&7=0x5 -j SNAT --to-source 1.2.4.6
> -A POSTROUTING -m u32 --u32 0x2&7=0x6 -j SNAT --to-source 1.2.4.7
> -A POSTROUTING -m u32 --u32 0x2&7=0x7 -j SNAT --to-source 1.2.4.8
>
> hope this helps
>  Patrick
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
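
Added example, not part of either poster's message: a small Python model of how the quoted rules pick a pool address, covering the non-contiguous `-s addr/mask` match and the `start&mask=value` u32 match. The function names, the constructed IPv4 headers and the destination 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

# The twelve rules from the quoted reply, regenerated in its iptables-save syntax.
BY_SOURCE = [f"-A POSTROUTING -s 0.0.0.{i}/0.0.0.3 -j SNAT --to-source 1.2.3.{i + 1}"
             for i in range(4)]
BY_IP_ID = [f"-A POSTROUTING -m u32 --u32 0x2&7=0x{i:x} -j SNAT --to-source 1.2.4.{i + 1}"
            for i in range(8)]

def ipv4_header(src, ip_id, dst="192.0.2.10"):
    """Constructed 20-byte IPv4 header (checksum left at 0; dst is a sample value)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def match_source(spec, src):
    """-s addr/mask with an arbitrary (non-contiguous) mask: (src & mask) == addr."""
    addr, mask = (int(ipaddress.IPv4Address(p)) for p in spec.split("/"))
    return src & mask == addr & mask

def match_u32(expr, packet):
    """Only the 'start&mask=value' form used above: 32-bit big-endian word at start."""
    start, rest = expr.split("&")
    mask, value = rest.split("=")
    word = struct.unpack_from("!I", packet, int(start, 0))[0]
    return word & int(mask, 0) == int(value, 0)

def snat_source(rules, packet):
    """Return the --to-source of the first rule that matches, or None."""
    src = int.from_bytes(packet[12:16], "big")
    for rule in rules:
        tokens = rule.split()
        opts = dict(zip(tokens[2::2], tokens[3::2]))
        if "-s" in opts and not match_source(opts["-s"], src):
            continue
        if "--u32" in opts and not match_u32(opts["--u32"], packet):
            continue
        return opts["--to-source"]
    return None

def pool_usage(rules, packets):
    """Count how many of the given first-of-connection packets land on each address."""
    return Counter(snat_source(rules, p) for p in packets)

if __name__ == "__main__":
    lan = [ipv4_header(f"10.0.0.{h}", ip_id=h * 37) for h in range(256)]
    print(pool_usage(BY_SOURCE, lan))   # fixed address per real source
    print(pool_usage(BY_IP_ID, lan))    # address varies with the packet's IP Id
```

The u32 word read at offset 2 spans the total-length and identification fields, so the mask of 7 keeps the low three bits of the IP Id.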