[lvs-users] LVS-Tun to an LVS-Masq ?

Joseph Mack NA3T jmack at wm7d.net
Sat Aug 6 01:36:41 BST 2011

On Fri, 5 Aug 2011, Dave Porter wrote:

> Hey guys,
> I'm sure someone has run into this before, but I couldn't 
> find anything searching.

well no. You might be the first.

(I haven't looked at the other poster's reply. He might have 
already solved the problem.)

> Global Loadbalancer GVIP --> Regional LoadBalancer RVIP --> Real Servers RIP
>      -->     -->
> I'm using LVS-Tun (ipip)  from the Global to the 
> Regionals, then the Regionals run masquarading to the Real 
> Servers.
> In other words, the regional load balancer listens on 
> (and needs to for the health checks to work 
> from the global), but packets arrive from the global with 
> destination

which is how LVS-DR and LVS-Tun are supposed to work.

> - these are ignored by the regional as there is no 
> 'application' listening there.

As far as the GLB is concerned, the RLB is a realserver 
listening on the GVIP. You need two things on the RLB

o a set of ipvsadm rules accepting packets to the GVIP and 
sending them by LVS-NAT to 192.168.1.x

o something on the RLB that will accept a packet to the 
GVIP. This is going to require a little trickery, but 
nothing too fiendish. The state of the art as it was a 
couple of years ago is here


>From memory, probably the simplest is to put the GVIP on a 
(any) device (lo, dummy, some ethX) on the RLB. Since the 
location of the RLB will not be receiving advertisements for 
the GVIP (they'll only be sent to the location of the GLB), 
then you won't have to handle the ARP problem at the RLB.

> I can solve the issue by tunnelling the GVIP:port 
> combination to the RVIP:port within the Regional box 
> itself, but this seems a bit of a messy solution?

I'm not sure what you want to do here, but it sounds like 
you'll be bypassing the load balancing of the GLB.


