[lvs-users] Load balancing outgoing traffic

Eric Spiteri eric.spiteri at c-s.fr
Tue Feb 5 16:14:54 GMT 2008


Perhaps you can use the iptables nth filter to apply the right SNAT.

Best regards

Greg wrote:

>Joseph Mack NA3T wrote:
>>nice ascii diagram :-)
>>
>>Not sure what you're doing yet. I take it that your clients 
>>are out on the internet. Are the 1.1.2.x machines routers?
>>Why are you SNAT'ing on the outside of the director? Why do 
>>you want to fiddle with the routing of outgoing packets - 
>>are the routing tables not doing what you want?
>
>I want to do the stuff that LVS does:
>internet client ---> LB server with LVS ---> round-robin internal server NATed
>
>but in reverse order :
>
>internal server ---> LB server with round-robin SNAT ip ---> internet server
>
>lartc is not able to do this job, lartc is simply routing traffic, so 
>internal server A will always use route A, and not round-robin around 
>routes A,B,C,D ...
>
>
>iptables was able to do that with SNAT, but with kernels up to 2.6.10:
>
>   SNAT
>       This target is only valid in the nat table, in the POSTROUTING chain.  It specifies that the source address of the packet should be modified (and all future packets in
>       this connection will also be mangled), and rules should cease being examined.  It takes one type of option:
>
>       --to-source  ipaddr[-ipaddr][:port-port]
>              which can specify a single new source IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies
>              -p tcp or -p udp).  If no port range is specified, then source ports below 512 will be mapped to other ports below 512: those between 512 and 1023 inclusive
>              will be mapped to ports below 1024, and other ports will be mapped to 1024 or above. Where possible, no port alteration will
>
>              In Kernels up to 2.6.10, you can add several --to-source options.  For those kernels, if you specify more than one source address, either via an  address  range
>              or  multiple  --to-source  options,  a simple round-robin (one after another in cycle) takes place between these addresses.  Later Kernels (>= 2.6.11-rc1) don’t
>              have the ability to NAT to multiple ranges anymore.
>
>       --random
>              If option --random is used then port mapping will be randomized (kernel >= 2.6.21).
>
>
>
>
>  
>
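
One way to apply the nth suggestion above, as an added example that is not from the thread or the LVS project: a generator for cascaded POSTROUTING rules that hand each new outgoing connection to the next SNAT address in turn. It assumes the mainline `statistic` match in `nth` mode (which took over from the patch-o-matic `nth` match); the function name `gen_snat_rr`, the interface `eth1` and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that spread NEW outgoing connections
# round-robin over several SNAT source addresses.
#
# Only the first packet of a connection traverses the nat table, so the
# per-rule nth counter counts connections, not packets. Conntrack keeps
# every later packet of that connection on the address chosen here.
#
# Usage: gen_snat_rr <out-interface> <addr1> [<addr2> ...]
gen_snat_rr() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_snat_rr <out-interface> <addr1> [<addr2> ...]" >&2
        return 1
    fi
    out_if=$1
    shift
    remaining=$#

    for addr in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # This rule only sees connections that earlier rules did not
            # claim, so it must take 1 out of the $remaining still left,
            # not 1 out of the total. With 3 addresses: every 3, every 2,
            # then an unconditional rule.
            printf '%s\n' "iptables -t nat -A POSTROUTING -o $out_if -m statistic --mode nth --every $remaining --packet 0 -j SNAT --to-source $addr"
        else
            # Last address: catch everything that fell through.
            printf '%s\n' "iptables -t nat -A POSTROUTING -o $out_if -j SNAT --to-source $addr"
        fi
        remaining=$((remaining - 1))
    done
}

# Constructed sample: three public addresses on the outside interface.
gen_snat_rr eth1 192.0.2.11 192.0.2.12 192.0.2.13
```

Review the printed rules before piping them to a root shell; using the same `--every` value on every rule would skew the distribution toward the later addresses.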
