SNAT Confusion

[Rodre Ghorashi-Zadeh]

Hello,

For my application the first request, from the initial client on the 
internet, comes in as an http request and hits the VIP and gets loadbalanced 
via LVS-NAT as intended. The second request, from the real server, is an 
LDAP request that get's sent to an LVS-DR VIP to perform authentication as 
part of the initial client connection. I need the 2nd layer of load 
balancing more for high availability than for actual balancing of the load. 
This is a requirement that I can't get around, therefore I have no choice 
but to face any dificulties in getting it to work. What are these 
difficulties?

Also, on a side note, at the risk of sounding like I am critiquing LVS 
(which I am not, I have been a big fan and user for years and have 
implemented it over an appliance from a big name 9 times out of 10), I read 
somewhere that since LVS's inception into the mainstream Kernel that it 
"sit's on top of the Netfilter framework". If this is true then one would 
think that: if what goes up, in this case the packet flow, must come down, 
then one would logically think that if the packets traverse the iptables 
PREROUTING and INPUT tables, then they would also come down the OUTPUT and 
POSTROUIING tables as well on their way out of the system. Again, I don't 
want to sound like I am critisizing LVS at all but the 
framework/architechture does'nt seem complete. Just an opinion, and I hope 
that I didn't offend anybody especially in my time of need. Thanks.

~Rodre

>From: Joseph Mack NA3T <jmack at wm7d.net>
>Reply-To: "LinuxVirtualServer.org users mailing list." 
><lvs-users at LinuxVirtualServer.org>
>To: "LinuxVirtualServer.org users mailing list." 
><lvs-users at LinuxVirtualServer.org>
>CC: jkrzyszt at tis.icnet.pl
>Subject: Re: SNAT Confusion
>Date: Sat, 17 Mar 2007 17:23:55 -0700 (PDT)
>
>On Fri, 16 Mar 2007, Rodre Ghorashi-Zadeh wrote:
>
>>Hello,
>>
>>I have been able to get the "Janusz" patch to work on Fedora 
>>2.6.19-1.2288.2.4.fc5, but it looks like my problem still isn't solved. It 
>>looks like this may be the time to explain my setup and requirement:
>>
>>I am in the situation where my real servers are clients of the VIP, and 
>>have the potential to loop back via the director onto themselves. It is 
>>not a problem if:
>>
>>realserver1 RIP -> Director VIP -> realserver2 RIP
>>
>>or:
>>
>>realserver2 RIP -> Director VIP -> realserver1 RIP
>>
>>but both:
>>
>>realserver1 RIP -> Director VIP -> realserver1 RIP
>>
>>and:
>>
>>realserver2 RIP -> Director VIP -> realserver2 RIP
>>
>>fail miserably.
>
>
>people are always wanting the realserver to be a client of the VIP to 
>balance a 2nd layer of requests. This is a little difficult to do with LVS. 
>Since the first connection is already reasonably balanced, it occurs to me 
>that the 2nd request can just stay on the realserver (eg LVS-DR, when the 
>VIP is on the realserver). Possibly the 2nd connection won't be perfectly 
>balanced, but for the trouble you have to go to, to get it balanced, would 
>it be balanced well enough?
>
>Joe
>
>--
>Joseph Mack NA3T EME(B,D), FM05lw North Carolina
>jmack (at) wm7d (dot) net - azimuthal equidistant map
>generator at http://www.wm7d.net/azproj.shtml
>Homepage http://www.austintek.com/ It's GNU/Linux!
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>Send requests to lvs-users-request at LinuxVirtualServer.org
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users

_________________________________________________________________
Get Out Of The House - Ski, Skate & Sun 
http://local.live.com/?mkt=en-ca/?v=2&cid=A6D6BDB4586E357F!147