ldirectord with multiple networks
Jon.Hoffman at acs-inc.com
Wed Oct 11 19:51:49 BST 2006
I fully understand your response but it does not make sense as to why I can
not masquerade the request to the real server.
To really strip things down, say I have the following
ldirectord server: 192.168.10.250
real server: 172.18.1.200, 172.18.1.201, 172.18.1.202
The client makes a request to 192.168.10.250, 192.168.10.250 then makes the
request to one of the real servers but (according to my tcpdump) the request
appears to come from the Client (192.168.10.10) therefore the real server
tries to send the request directly back to the client. Is there a way to
make the request appear to come from the 192.168.10.250 so the real server
sends the request back to the ldirectord server rather than the client? It
just seems like there should be a way to do this.
Am I missing something in the documentation?
Thanks again for any help y'all can provide.
From: lvs-users-bounces at LinuxVirtualServer.org
[mailto:lvs-users-bounces at LinuxVirtualServer.org]On Behalf Of Joseph
Sent: Wednesday, October 11, 2006 1:34 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: ldirectord with multiple networks
On Wed, 11 Oct 2006, Hoffman, Jon wrote:
> I have two networks that are physically located in different locations
> (say city X and city Y). In city X we have our web servers, run by our
> there. In city Y we have our load balancer that we are trying to set up as
> a demo to show how LVS works. We can not set our default gateway of our web
> servers to be the load balancer because we are trying to test LVS and can
> not take our web servers out of production to test a new load balancer.
> We want to see the load balancing working with our present servers.
> What is happening is our client makes a request to our load balancer, the
> load balancer (ldirectord) sends the request to our web server and the web
> server responds directly back to the client, who has no idea why that
> server is sending the packet to it.
You've got to let the director do its job (and you aren't).
In LVS-NAT the packets need to go back through the director.
Your webservers are accepting packets directly from the
internet and from the director. The realservers don't know
how to differentiate the replies - do they send the packets
to the director or to the router. If you could arrange for
the director to accept a slice of the internet (say
200.x.x.x or some worknet you have local to the director),
then you could set up routing for the realserver to send all
replies to 200.x.x.x through the director.
You can't use LVS-DR as the realservers aren't on the same
You can use LVS-Tun, but then you need realservers with
tunneling, and the routers at city X,Y need to allow out
packets from the VIP, which despite Malcolm's concerns, you
should be able to do if you pay the bills.
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
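
Added example, not part of the original thread: a toy Python model of the LVS-NAT return path described in the reply above, using the addresses from the post (the port numbers are constructed). It shows why the client only accepts the reply when the real server's return route crosses the director.

```python
from dataclasses import dataclass, replace

# Addresses from the post; port numbers are constructed for illustration.
CLIENT, VIP = "192.168.10.10", "192.168.10.250"
REAL_SERVERS = ["172.18.1.200", "172.18.1.201", "172.18.1.202"]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Director:
    """Toy LVS-NAT director: rewrites only the destination and remembers the flow."""
    def __init__(self, vip, real_servers):
        self.vip, self.real_servers = vip, real_servers
        self.conns, self.rr = {}, 0

    def forward(self, pkt):
        rip = self.real_servers[self.rr % len(self.real_servers)]  # round robin
        self.rr += 1
        self.conns[(pkt.src, pkt.sport, rip, pkt.dport)] = self.vip
        return replace(pkt, dst=rip)   # source is still the client's address

    def un_nat(self, reply):
        # Reply is real server -> client; restore the VIP as source for known flows.
        vip = self.conns.get((reply.dst, reply.dport, reply.src, reply.sport))
        return replace(reply, src=vip) if vip else reply

def round_trip(director, via_director):
    """Return (reply as seen by the client, whether the client's socket accepts it)."""
    request = Packet(CLIENT, 51000, director.vip, 80)
    seen = director.forward(request)
    # The real server answers the source it saw, which is the client.
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    if via_director:                   # real server's route to the client crosses the director
        reply = director.un_nat(reply)
    # The client connected to VIP:80, so only a reply from VIP:80 matches its socket.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return reply, accepted

if __name__ == "__main__":
    d = Director(VIP, REAL_SERVERS)
    for via in (False, True):
        reply, ok = round_trip(d, via)
        print(f"via_director={via}: reply from {reply.src}:{reply.sport}, accepted={ok}")
```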