LVS-NAT with public address space
ratz at drugphish.ch
Tue Jul 20 05:37:24 BST 2004
> I am having problems with LVS-NAT and iptables running on the same
> director. For some reason iptables rules that do static NAT for traffic
> originating from a real server quit working after some time.
Could you be a little more specific on "quit working after some time",
please? I'm referring to (but not exclusively): kernel version, iptables
version, your rules, your setup, dmesg, tcpdump traces on both director
interfaces for one connection attempt, ...
> One thought that came to mind is to give real servers real ip address
> space. This would eliminate the need to NAT connections originating from
> the real servers, instead just plain routing is needed on the director.
> One problem remains that now I need a floating address on both sides of
Apologies for my ignorance but what is a "floating address"? Do you mean
a routeable/public address/IP?
> the director, the original floating address used by the real servers as
> default gateway and a floating address on the external side of the
> director to route traffic for the real server network to. How can I do
You don't need routeable IP addresses inside the LVS collision domain
(read: the physical network consisting of the LVS' internal interface
and all connected RSs), you can overlay as many public address spaces on
top of a private one as you want. Plus keep in mind that for LVS-DR the
director is not the DGW anymore.
This is a preferred solution anyway, as you can do locally based health
checks over a private network but route "real" traffic over a virtual
routeable network which is overlaid. It's a matter of setting up your
FIB correctly on the director and the RS.
Roberto Nibali, ratz