ldirectord with multiple networks

Hoffman, Jon Jon.Hoffman at acs-inc.com
Wed Oct 11 19:51:49 BST 2006


I fully understand your response but it does not make sense as to why I can
not masqurade the request to the real server.
For example:
To really strip things down, say I have the following
Client: 192.168.10.10
ldirectord server:  192.168.10.250
real server:  172.18.1.200, 172.18.1.201, 172.18.1.202

The client makes a request to 192.168.10.250, 192.168.10.250 then makes the
request to one of the real servers but (according to my tcpdump) the request
appears to come from the Client (192.168.10.10) therefore the real server
tries to send the request directly back to the client.  Is there a way to
make the request appear to come from the 192.168.10.250 so the real server
sends the request back to the ldirectord server rather then the client?  It
just seems like there should be a way to do this.
Am I missing something in the documentation?
Thanks again for any help y'all can provide.
Jon  

-----Original Message-----
From: lvs-users-bounces at LinuxVirtualServer.org
[mailto:lvs-users-bounces at LinuxVirtualServer.org]On Behalf Of Joseph
Mack NA3T
Sent: Wednesday, October 11, 2006 1:34 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: ldirectord with multiple networks


On Wed, 11 Oct 2006, Hoffman, Jon wrote:

> I have two networks that are physcally located in different locations
(lets
> say city X and city Y).  In city X we have our web servers, run by our
team
> there.  In city Y we have our load balancer that we are tring to set up as
a
> demo to show how LVS works.  We can not set our default gateway of our web
> servers to be the load balancer because we are trying to test LVS and can
> not take our web servers out of production to test a new load balancer.
And
> we want to see the load balancing working with our present servers.
> What is happening is our client makes a request to our load balancer, the
> load balancer (ldirectord) sends the request to our web server and the web
> server responses directly back to the client, who has no idea why that
> server is sending the packet to it.

You've got to let the director do its job (and you aren't).

In LVS-NAT the packets need to go back through the director. 
Your webservers are accepting packets directly from the 
internet and from the director. The realservers don't know 
how to differentiate the replies - do they send the packets 
to the director or to the router. If you could arrange for 
the director to accept a slice of the internet (say 
200.x.x.x or some worknet you have local to the director), 
then you could set up routing for the realserver to send all 
replies to 200.x.x.x through the director.

You can't use LVS-DR as the realservers aren't on the same 
segment.

You can use LVS-Tun, but then you need realservers with 
tunneling, and the routers at city X,Y need to allow out 
packets from the VIP, which despite Malcolm's concerns, you 
should be able to do if you pay the bills.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
Send requests to lvs-users-request at LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users


More information about the lvs-users mailing list