[lvs-users] vip-to-vip connection between two sets of realservers with one director?

Fred Clift fclift at verio.net
Thu Apr 22 00:09:52 BST 2010


All,


Lets say hypothetically I have a director with two vips.  The vips 
represent different services, different areas of responsibility, etc. 
This isn't my actual case, but as an example, they could be a front-end 
web-server and a back-end database server.  But one director for both 
sets of realservers.


For this simple example, lets say that I currently only have one 
realserver for each virtual-server/vip.



I'm doing LVS/NAT.  I would like to have the web-server connect to the 
vip representing the database virtual server and have the connection 
work.  I'm also doing an SNAT rule for each virtual server on the 
director to ensure that outbound traffic from the realservers appear to 
come from the vip of the virtualserver.

It doesn't work of course.  Or I wouldn't be asking - how can I make 
this work?  Ideally, if I could do a PREROUTING SNAT rule, I think I 
could make it work, but iptables says 'no' to that.  I'm wondering if I 
could do some kind of SNAT POSTROUTING rule on the realservers to do 
something special, or if there is a better/different way.


As an analog to LVS, I set up for individual realservers and two vips a 
pair of symetric SNAT/DNAT rules for each realserver, and then was able 
to make this work.   I'm not sure where in the packet-processing stream 
for outbound packets LVS picks the packets back up, or if it does at all.


So, does my question make sense?  I would like realservers for one vip 
to make connections to the vip of another virtual server on the same 
director.  Anyone know how?

Fred Clift


-- 
Fred Clift
MCS Team Architect
801-437-7471
Verio, and NTT Communications Company



This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free.  Thank you.




More information about the lvs-users mailing list