[lvs-users] Do newer LVS implementations allow hairpinning?

Robinson, Eric eric.robinson at psmnv.com
Thu Mar 12 16:09:20 GMT 2009


The client computer and the realserver are both on the same segment
connected to the director's eth1. (MOST client computers are on the
other side of the director on eth0.) The VS is configured on eth0 in
LVS-NAT mode. Clients on the "outside" connect through the director to
the RS fine. The one client on the inside cannot connect through the VS
on eth0. It just times out. I looked into this once before and it has to
do with icmp redirects, local routing, ARPs, and so on. Bottom line is
that the client's SYN packet gets redirected through LVS, but the
server's SYN-ACK goes straight to the client since they are both on the
same segment. The client ignores it because it comes from the wrong IP
address. You're right... the "newer implementations" comment was muddy
thinking. 

--
Eric Robinson


-----Original Message-----
From: lvs-users-bounces at linuxvirtualserver.org
[mailto:lvs-users-bounces at linuxvirtualserver.org] On Behalf Of Joseph
Mack NA3T
Sent: Wednesday, March 11, 2009 4:43 AM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: [lvs-users] Do newer LVS implementations allow hairpinning?

On Tue, 10 Mar 2009, Robinson, Eric wrote:

> Do newer LVS implementations allow hairpinning requests back out the 
> same interface they arrived on? In other words, if my load balancer 
> has virtual services listening on its eth0, and the realservers are on

> eth1, is it possible for a client computer on eth1

a client computer can be attached to any NIC on the director.

> to connect to the VS on eth0 and be redirected back to one of the RS's

> on eth1?

Provided you haven't done something to block the routing, it should
work. I don't know what "newer LVS implementations" 
has to do with this

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot)
net - azimuthal equidistant map generator at
http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's
GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
Send requests to lvs-users-request at LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


Disclaimer - March 12, 2009 
This email and any files transmitted with it are confidential and intended solely for LinuxVirtualServer.org users mailing list.. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of . Warning: Although  has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/




More information about the lvs-users mailing list