[lvs-users] Connecting to VIP from Real Servers

Stephen Amadei stephenamadei at hotmail.com
Wed Aug 20 21:05:32 BST 2008


 
That's the interesting rub with my setup... the realserver and database are not on the same network, as they are on separate vlans.  Both real servers, both load balancers and the switch in between all this are vlan'd.  The four Linux servers use 802.1q trunks.
 
To diagram...  
 
                              GW 1.1.1.1
                                  |
  1.1.1.2             VIP 1.1.1.10 for http port              1.1.1.3
    LB1 ------------- 1.1.1.20 for mysql port --------------- LB2
  10.0.1.2 vlan 100     vlan 100 GW: 10.0.1.1       10.0.1.3 vlan 100
  10.0.2.2 vlan 200     vlan 200 GW: 10.0.2.1       10.0.2.3 vlan 200
     |                                                         |
     -------------------- Cisco 2950 --------------------------
     |                                                         |
     |                                                         |
  Real Server 1                                     Real Server 2
  10.0.1.11 listen http vlan 100        10.0.1.12 listen http vlan 100
  10.0.2.11 listen mysql vlan 200       10.0.2.12 listen mysql vlan 200
 
All networks are /24s.
 
As best as I understand...  Both Real Servers are configured to use the 1.1.1.20 mysql server.  Packet 10.0.1.11->1.1.1.20 via 10.0.1.1.  I assume this gets NAT'd as 1.1.1.2.  The LB forwards this to one of the real mysql servers.  1.1.1.20->10.0.2.2, but the dest is the NAT address 1.1.1.2.  It does its work and sends the packet back... 10.0.2.2->1.1.1.2 via 10.0.2.1.  Then it gets unNAT'd back to the real server... 1.1.1.2->10.0.1.2.
 
Of course, this doesn't work.
 
I think the problem is that my NAT rule is not working due to the packet coming from the inner interface... but I am likely wrong.  ;-)
 
Stephen
> From: daniel.watson at myra.com
> To: stephenamadei at hotmail.com
> Date: Wed, 20 Aug 2008 11:46:48 -0700
> Subject: Re: [lvs-users] Connecting to VIP from Real Servers
>
> >>I assume you have some sort of web application that uses a database. Why
> >>not have your both RS web apps using a MySQL connection to localhost.
> >>Then you modify UltraMonkey to use not a simple tcp check, but a much
> >>deeper app-level check, that checks as well the db connection. In case of
> >>an issue with the DB, the RS will be de-activated, and will only remain
> >>the RS that has a healthy DB connection.
>
> >Actually, that is what I am running right now... but I really wanted to
> >be able to run MySQL separate from HTTP... just in case I end up with a
> >situation where HTTP is broken on server A and MySQL is broken on server
> >B.
> >
> >Stephen
>
> This is probably a routing issue.
> From outside your network the data path looks like
> Client -> vip -> loadbalancer -> realserver -> database
> Client <- vip <- LB <- Realserver <- database
> When you try to load balance the database server it goes like this
>
> Client -> vip -> LB -> RS -> vip -> LB -> Database
> Client x vip x lb x RS <- database
>
> Since the realserver and database are on the same network the database is sending directly
> to the realserver. While the realserver is expecting a reply from the vip.
> So this cannot work with nat, and probably not work with most other configs.
> They all rely on the load balancer being the man in the middle to twiddle the packets.
>
> -dan
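
Added example (not part of the original thread and not LVS code): a small Python model of the failure described in the quoted reply, where a reply that bypasses the director keeps the database's real source address and the client cannot match it to the connection it opened to the VIP. The VIP and client address come from the diagram; the same-subnet database address, the port numbers and all function names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

VIP = "1.1.1.20"      # mysql VIP from the diagram
CLIENT = "10.0.1.11"  # real server acting as the MySQL client
DB = "10.0.1.12"      # constructed: database on the client's own subnet

class Director:
    """Minimal LVS-NAT model: rewrite dst on the way in, src on the way out."""
    def __init__(self):
        self.conntrack = {}  # (real, rport, client, cport) -> VIP

    def inbound(self, pkt, real):
        # Remember the mapping, then DNAT the VIP to the chosen real server.
        self.conntrack[(real, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return pkt._replace(dst=real)

    def outbound(self, pkt):
        # Only replies that transit the director get their source restored.
        vip = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt._replace(src=vip) if vip else pkt

def client_accepts(sent, reply):
    """A TCP client matches a reply on the mirrored 4-tuple of what it sent."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent.dst, sent.dport, sent.src, sent.sport)

def run(reply_via_director):
    lb = Director()
    syn = Packet(CLIENT, 40000, VIP, 3306)
    at_db = lb.inbound(syn, DB)
    # The database answers the address it saw as the source.
    synack = Packet(at_db.dst, at_db.dport, at_db.src, at_db.sport)
    if reply_via_director:
        synack = lb.outbound(synack)
    return synack, client_accepts(syn, synack)

if __name__ == "__main__":
    for via in (False, True):
        reply, ok = run(via)
        print(f"reply via director={via}: src={reply.src} accepted={ok}")
```

On a live system the same mismatch shows up in a packet capture on the client as a SYN to the VIP answered by a SYN/ACK from a different source address.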