LVS-NAT and BIND
stepedino at bhsoftware.com
Fri Jun 1 15:08:31 BST 2007
On Fri, 2007-06-01 at 08:18 -0400, Chad Morland wrote:
> I have one ldirectord with the VIP of 10.10.1.101 and so far only one RS
> with the IP of 10.10.1.198.

Seems you're using LVS NAT where your director and real servers are on
the same network, so what's happening is that the query comes in to the
director, gets routed to the real server, then the real server either
can directly reply to the client (if your client is on the same network
as well) or the real server's gateway is the gateway for the 10.10.1.0
network, so it's able to send the packet directly back to the client.
The client's expecting a response from the director, where it sent the
query, but instead is getting the response from the real server.

You'll either need to A: Put the real servers on their own network
behind the real servers (the proper configuration for LVS NAT) or you'll
need to configure for LVS DR, which would require some ARP fixing on the
real servers and binding of the VIP to localhost (also on the real
servers). Which you choose depends on your network setup...

> $ dig @10.10.1.101 tor.prod
> ;; reply from unexpected source: 10.10.1.198#53, expected 10.10.1.101#53
> ; <<>> DiG 9.2.4 <<>> @10.10.1.101 tor.prod
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> real=10.10.1.198:53 masq
> Is this a BIND misconfig or something to do with LVS /udp packets?
Sal Tepedino <stepedino at bhsoftware.com>
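
Added example, not part of the original message: a small Python model of the return path described in the reply, showing when the director gets to rewrite the real server's address back to the VIP and when the client's source check fails as in the dig output. The VIP and real server address are from the thread; the /24 prefix, the gateway 10.10.1.1, the client addresses and the 192.168.10.0/24 inside network are assumptions made for illustration.

```python
import ipaddress

VIP = "10.10.1.101"          # director VIP, from the thread
RS_IFACE = "10.10.1.198/24"  # real server from the thread; /24 is assumed


def reply_next_hop(client, rs_iface, rs_gateway):
    """First hop the real server uses for its reply to the client."""
    client_ip = ipaddress.ip_address(client)
    if client_ip in ipaddress.ip_interface(rs_iface).network:
        return str(client_ip)  # on-link: delivered directly, no gateway
    return str(ipaddress.ip_address(rs_gateway))


def reply_source(client, vip, rs_iface, rs_gateway, director_ips):
    """Source address the client sees on a reply under LVS-NAT.

    The director rewrites the real server's address back to the VIP
    only when the reply is routed through one of its own addresses.
    """
    hop = reply_next_hop(client, rs_iface, rs_gateway)
    if hop in director_ips:
        return vip
    return str(ipaddress.ip_interface(rs_iface).ip)


def check(client, vip, rs_iface, rs_gateway, director_ips):
    """Apply the same source comparison that dig reported on."""
    src = reply_source(client, vip, rs_iface, rs_gateway, director_ips)
    if src == vip:
        return "ok: reply from %s#53" % vip
    return "reply from unexpected source: %s#53, expected %s#53" % (src, vip)


if __name__ == "__main__":
    # All client, gateway and inside-network values below are constructed.
    cases = [
        ("same net, other gateway", "10.10.1.50", RS_IFACE, "10.10.1.1", {VIP}),
        ("same net, gateway=director", "10.10.1.50", RS_IFACE, VIP, {VIP}),
        ("remote client, gateway=director", "192.0.2.10", RS_IFACE, VIP, {VIP}),
        ("RS on own net behind director", "10.10.1.50", "192.168.10.2/24",
         "192.168.10.1", {VIP, "192.168.10.1"}),
    ]
    for name, client, iface, gw, director in cases:
        print("%-32s %s" % (name, check(client, VIP, iface, gw, director)))
```

The second case shows that pointing the real server's default gateway at the director is not enough while a client shares the real server's subnet, because the reply is delivered on-link and never reaches the director.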