Questions about LVS-TUN

Joseph Mack NA3T jmack at wm7d.net
Tue Dec 12 18:20:24 GMT 2006


On Tue, 12 Dec 2006, Bill Omer wrote:

> Currently I am using LVS-DR with much success.  One part I would
> like to build upon is the reals' dependencies on iptables using the
> nat table to accept VIP traffic.  I would like to find a way to allow
> the reals to accept VIP traffic without any modifications to the
> reals themselves.
>
> I am using the following on all of my reals to access traffic with a DST of VIP:
> iptables -t nat -A PREROUTING -d VIP -p tcp --dport 0:65535  -j REDIRECT

This may not be doing what you want. As of the 2.4 kernels 
the packet doesn't arrive with IP==VIP anymore. See the 
HOWTO for transparent proxy. This is OK for squids but not 
for LVS.

> Scenario (assuming wlc):
> A real boots but for some reason, the iptables are not applied.

You want LVS to handle both iptables applied/not applied? 
You haven't explained why so I don't know how important this 
is. If it's an error situation, then you're better off 
fixing the error at its cause, than handling it later. No 
machine should be in a state where iptables hasn't been run, 
if you told it to run.

> Now
> mon/keepalived sees the real is now responding again and re-adds the
> server back to the ipvsadm table.  Since this real doesn't have any
> active connections, all new connections are routed to this real.

rr helps here. Still the thundering herd problem has to be 
handled in user space (until someone writes a fix).

> Since the iptable rules did not run, now the service the client is
> trying to access is completely unavailable.
>
>
> I am not able to use LVS-NAT in my environment.  I would like to find a
> way to have VIP traffic routed to the reals without needing any
> modifications to the reals themselves, much like commercial load
> balancers work.

Maybe I don't understand your situation, but unless you 
handle the arp problem, traffic will go to the realservers.


> Is LVS-TUN able to do this?

I don't know what "this" is.

> Would the reals require a tunl0 interface
> as well as the director?

For LVS-Tun, only the realserver requires a tunl0 device 
(the director doesn't because traffic is one-way).

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
