ldirectord deficiency with fwmarks+tun

jarol1@seznam.cz J.Libak at sh.cvut.cz
Wed Dec 13 14:06:11 GMT 2006


Jaroslav Libák wrote:
> If you use ldirectord with a fwmark virtual service with TUN, then you can't do any reasonable checks.
> Let's suppose I have 2 realservers with apache+tomcat (with IP-based virtual hosts), 1 fwmark virtual service to bundle 80, 443 and 2038 together. Then when I specify something like this in ldirectord.cf (this is not my actual file, but it shows the deficiency):
>
> virtual=1
>         real=192.168.6.4 ipip
>         real=192.168.6.5 ipip
>         service=http
>         checkport=80
>         checktype=negotiate
>         request="index.html"
>         receive="Test Page"
>         scheduler=wrr
>
> ldirectord will send requests to 192.168.6.4 and 192.168.6.5, where nothing is listening, because I use IP-based virtual hosts and the VIP address is on the tunl0 interface on the real servers. From what I have read, you cannot convince ldirectord to encapsulate the HTTP request in a packet that is sent to 192.168.6.4, then decapsulated and sent to the tunl0 VIP, if you use a fwmark service. If you use a TCP virtual service with port 0 then it will work, but if you need fwmark then there is no way to specify the VIP.
>
> So I see only 3 possibilities:
> 1.) I have missed something and it is possible to monitor a certain VIP on a certain host with fwmark + tunneling with ldirectord.
> 2.) It's not possible and I have to write a patch for ldirectord to add a setting for the VIP for monitoring the service.
> 3.) I have to use a standard TCP virtual service with port 0 (so everything will be forwarded to realservers).
>
> Any ideas?
>
> Jaro
>
>   
I found a workaround using DNAT on the realservers. Ldirectord sends 
HTTP requests to a high destination port on the RIP, which get translated to 
port 80 on the VIP once they arrive at the real server. This way it is possible to 
monitor the Apache IP-based virtual hosts.

Jaro
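
The DNAT workaround described in the reply above, sketched as an added example that is not part of the original thread and not the poster's actual rules. The director address, the VIP, the high check port 60080 and the function names are constructed assumptions; only the RIP comes from the quoted ldirectord.cf.

```shell
#!/bin/sh
# Added example, not from the thread. Run on each realserver.
# Every value below is a constructed placeholder except the RIP,
# which is one of the real= addresses in the quoted ldirectord.cf.
DIRECTOR_IP="${DIRECTOR_IP:-192.168.6.1}"  # assumed source of ldirectord checks
RIP="${RIP:-192.168.6.4}"                  # this realserver's own address
VIP="${VIP:-192.0.2.10}"                   # assumed VIP bound to tunl0
CHECK_PORT="${CHECK_PORT:-60080}"          # assumed high port for the check
SERVICE_PORT="${SERVICE_PORT:-80}"         # port the vhost serves on the VIP
# Director side: set checkport=60080 in the virtual= block so ldirectord
# connects to RIP:60080 instead of RIP:80.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ip4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
}

# Print the iptables arguments for the DNAT rule. Matching on -s keeps the
# check port usable only by the director, so it does not become a second,
# unbalanced path to the vhost for other hosts on the RIP network.
dnat_rule() {
    for ip in "$DIRECTOR_IP" "$RIP" "$VIP"; do
        valid_ip4 "$ip" || return 1
    done
    valid_port "$CHECK_PORT" || return 1
    valid_port "$SERVICE_PORT" || return 1
    printf '%s' "-t nat -A PREROUTING -s $DIRECTOR_IP -d $RIP -p tcp" \
        " --dport $CHECK_PORT -j DNAT --to-destination $VIP:$SERVICE_PORT"
}

# Dry run by default; set APPLY=1 (as root) to install the rule.
main() {
    rule=$(dnat_rule) || { echo "refusing: bad address or port" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then
        iptables $rule   # word splitting intended; inputs validated above
    else
        echo "iptables $rule"
    fi
}
main
```
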

