ldirectord deficiency with fwmarks+tun

Jaroslav Libák jarol1 at seznam.cz
Tue Dec 12 20:56:58 GMT 2006 

If you use ldirectord with a fwmark virtual service with TUN, then you can't do any reasonable checks.
Lets suppose I have 2 realservers with apache+tomcat (with ip based virtual hosts), 1 fwmark virtual service to bundle 80,443 and 2038 together. Then when I specify something like this in ldirectord.cf (this is not my actual file, but it shows the deficiency)

virtual=1
        real=192.168.6.4 ipip
        real=192.168.6.5 ipip
        service=http
	checkport=80
	checktype=negotiate
        request="index.html"
        receive="Test Page"
        scheduler=wrr

ldirectord will send requests to 192.168.6.4 and 192.168.6.5 where nothing is listening because I use ipbased virtual host and the VIP address is on the tunl0 interface on the real servers. From what I have read, you cannot convince ldirectord to encapsulate the http request to a packet that is sent to 192.168.6.4 then decapsulated and sent to the tunl0 VIP if you use fwmark service. If you use tcp virtual service with port 0 then it will work, but if you need fmwark then there is no way to specify the VIP.

So I see only 3 possibilities:
1.) I have missed something and it is possible to monitor a certain VIP on a certain host with fwmark + tunneling with ldirectord.
2.) It's not possible and I have to write a patch for ldirectord to add setting for VIP for monitoring the service
3.) I have to use standard tcp virtual service with port 0 (so everything will be forwarded to realservers).

Any ideas?

Jaro

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list