Using LVS to replace Netscaler Load Balancer

[Rob]

Bill Omer wrote:
>> Thanks for your response Bill.
>> Just to clarify a few points. You need the iptables magic with your setup
>> because you're using LVS-DR, but the DIP's and RIP's are not on the same
>> subnet, so it's not as simple as rewriting the MAC and leaving putting 
>> the
>> packet on the wire?
>>
>> If so, I'll get to work on upping my iptables foo.
>>
>> Philip
> 
> 
> Hi Philip
> 
> To clerify, in my setup the VIP, RIP and CIP are all on the same
> subnet.  When a packet comes in to the RIP, assuming the RIP is bound
> to a Linux server, the OS will drop the packet if the DEST is not
> equal to any IP address that are bound to any interfaces on the
> server.  There has to be configuration done on the real server in
> order for the OS to accept that packet.   This is one big difference
> between a custom LVS solution vs using a Netscaler.
> 
> To do this, you need to use iptables to accept that traffic.  See
> section 17 on the LVS HOWTO
> 
> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.transparent_proxy.html 
> 
> 
> -Bill

Hi,

I may be missing something - I have several LVS-DR setups (www, smtp, dns):
* Real servers are Linux 2.6 and Windows 2K/2K3.
* VIP and RIP are on the same subnet
* VIPs are added to the director as IP aliases, as usual.
* Real Servers have the VIP address on the loopback interface on
   Linux and Windows, as usual.
* No special routes are added to the director or real servers.
* all machines have iptables turned completely off
* all machines use the (OpenBSD) firewall as the default router.
* Clients on the same subnet, other internal subnets and from outside the
   firewall can access the LVS system, no problem.

Maybe you don't need to duplicate the same method that the Netscalar uses
in order to get a system to work for you, or am I missing something?

Rob