[lvs-users] Problem with LVS-TUN different network -- Is this still impossible

Graeme Fowler graeme at graemef.net
Fri Mar 7 08:52:21 GMT 2008 

On Fri, 2008-03-07 at 12:20 +0530, hirantha wrote:
> Basically I don't administrate the firewalls, routers on the realserver resides ISP. I think this is obvious -- 
> most of people doesn't have network control on the ISP. But I can tell them the situation. I would like to know what 
> would be on firewalls and routers to be eligible to establish lvs-tun. What should I tell them..?

The people administering the networks that the realservers live on need
to allow egress (outbound) traffic from the VIP for LVS-TUN to work.

Using TUN, the realservers reply directly to the clients:

http://www.linuxvirtualserver.org/VS-IPTunneling.html

If you have realservers on networks controlled by different providers,
they probably won't advertise the VIP to their peers or permit traffic
from the VIP to leave their network, especially if their upstreams apply
filters to the announcements they receive. It would be seen as a form of
spoofing.

You can ask them to, but I suspect the answer will be no.

Graeme

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list