[lvs-users] Another question while I'm at it about SSL termination on the director.

[Joseph Mack NA3T]

On Thu, 1 May 2008, lists wrote:

>
> At the moment I can do SSL termination with pound, then hand off localy
> to HaProxy for cookie insertion and load balancing:
> Pound -> HaProxy -> Real Servers
> x.x.x.10:443 -> x.x.x.10:80 -> Real Servers
>
> But I'd like to do :
> Pound -> LVS -> Real Servers
> x.x.x.10:443 -> x.x.x.10:80 -> Real Servers

VIP:443->VIP:80?

> But the Pound process on the director can't access Real servers via the
> local LVS set up at x.x.x.10:80?

hmm. I would have thought that Pound does this

VIP:443->Pound->VIP:80

At the moment I don't understand how the packets are doing

x.x.x.10:443 -> x.x.x.10:80

Independant of that, your posting indicates that a packet 
dst_addr=VIP:80 arrives on the realserver. If you have 
something listening on VIP:80, then you don't need to send 
it back to the director for loadbalancing.

> Is this the local node problem?

no

> I've tried in NAT and DR mode.
> Is their anyway I can get LVS to pick up a local request i.e. wget
> x.x.x.10:80  (from local console) picks up data from a real server?

how are you doing the local request. Do you want the above 
wget request to go to the director? This isn't possible, as 
you have the VIP on the realserver (you know all this).

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!