[lvs-users] LVS-NAT in Linux 2.6
Nick.Couchman at seakr.com
Wed Sep 2 19:55:40 BST 2009
The docs on the web site seem to be a little bit out of date, so I figured I'd hit the mailing list to try to find some help with my problem. First, here's what I'm trying to do:
- I have a half-dozen Windows-based virtual machines (XEN) that I need to load-balance between. In the past, I've been using the direct route method, but I've run into some issues - some very strange behavior (like my IPVS director deciding to send out RSET packets to all of the clients at seemingly random intervals).
- The IPVS director is also a Xen domU (VM), running SuSE Linux.
Having had issues in the past with the DR method, I decided to try my luck at the NAT method. So, I enabled IP forwarding on my director:
added a virtual IP address:
ifconfig eth0:2 <virtual IP>
added an iptables nat rule:
iptables -t nat -A POSTROUTING -s 172.16.34.0/24 -j SNAT --to-source <virtual IP>
and updated the IPVS service table:
ipvsadm -A -t <virtual IP>:1234 -s wlc
ipvsadm -a -t <virtual IP>:1234 -r 172.16.34.10:1234 -m -x 1
Inside this particular Windows machine, I set the default route to the IP of the director (172.16.34.1). If I ping an IP address elsewhere on my network, packets appear to be routed correctly and a look at the output of "iptables -t nat -nvL" shows the packet counters for the rule I added in the POSTROUTING table incrementing properly. However, if I try to connect to the virtual IP address on the port 1234, the connection never gets established. A packet dump shows the traffic going from the source machine (my laptop) to the director, and then being passed on to the Windows machine. I also see return packets from the Windows machine go back to the IPVS director; however, after that they just get "lost" - the counters in iptables do not increment, nor do the packets ever show up on the outside interface.
Is there something I'm doing wrong to get this setup to work? I'm following the configuration guide for the 2.4 kernel stuff from the linuxvirtualserver.org web site, since this is the closest I can find to current kernel versions.