Questions about LVS-TUN
Bill Omer
bill.omer at gmail.com
Tue Dec 12 17:55:48 GMT 2006
Currently I am using LVS-DR with much successes. One part I would
like to build upon is the real's dependencies' on iptables using the
nat table to accept VIP traffic. I would like to find a way to allow
the reals to accept VIP traffic without any modifications to the
real's them selfs.
I am using the following on all of my reals to access traffic with a DST of VIP:
iptables -t nat -A PREROUTING -d VIP -p tcp --dport 0:65535 -j REDIRECT
Scenario (assuming wlc):
A real boots but for some reason, the iptables are not applied. Now
mon/keepalived sees the real is now responding again and re-adds the
server back to the ipvsadm table. Since this real doesn't have any
active connections, all new connections are routed to this real.
Since the iptable rules did not run, now the service the client is
trying to access is completely unavailable.
I am not able use LVS-NAT in my environment. I would like to find a
way to have VIP traffic routed to the reals without needing any
modifications to the reals them selfs, much like commercial load
balancers work.
Is LVS-TUN able to do this? Would the reals require a tunl0 interface
as well as the director?
More information about the lvs-users
mailing list