[lvs-users] annoying routing problem with a lvs cluster

David Coulson david at davidcoulson.net
Thu Mar 1 14:12:48 GMT 2012


You can either snat or run in dr or tun mode. 

On Mar 1, 2012, at 8:59 AM, Dean Scothern <dean.scothern at eduserv.org.uk> wrote:

> Thank you for your quick reply.
>  
> Whilst snat would work I would prefer not to use it as it hides the source ip of the packets, making applications that use ip access lists more problematic to configure, e.g. mailservers. Eventually I would expand the clients to include other networks (internet), and would like log analysis to work.
> I would prefer not to use a proxy and pass magic headers with the remote ip in them either.
> The link in question also probably cannot easily apply to redhat/centos 6 as they are based on 2.6.32 kernel and the link mentions 2.6.35, 2.6.36.
> Reading further it might be possible to apply the patch set and rebuild the associated kernel modules.
>  
> To be honest I'm hoping for some route configuration magicry, I feel so close and surely there must be a way.
>  
> Many Thanks
>  
>  
> From: David Coulson [mailto:david at davidcoulson.net] 
> Sent: 01 March 2012 13:04
> To: LinuxVirtualServer.org users mailing list.
> Cc: Dean Scothern
> Subject: Re: [lvs-users] annoying routing problem with a lvs cluster
>  
> You need to SNAT real server traffic going to your real servers.
> 
> Quick google found this:
> 
> http://blog.loadbalancer.org/enabling-snat-in-lvs-xt_ipvs-and-iptables/
> 
> I'm presuming it's in mainline by now, but I know it's not in RHEL/SuSE yet.
> 
> David
> 
> On 3/1/12 7:55 AM, Dean Scothern wrote:
> Hi,
>  
> I've been experimenting with a slightly non standard lvs cluster arrangement.
>  
> I have a set of combined real servers/real clients (each machine has both services and clients) and two machines running lvs as a cluster.
>  
> All machines are connected directly to the same two networks: frontend and backend.
>  
> The real servers/real clients connect to a service ip on the lvs machines on the frontend network.
> The lvs machines run in masq mode and connect to the real servers/real clients on the backend network.
> I've configured policy routing on the real servers/real clients backend interfaces to return traffic via a second gateway on the lvs hosts.
>  
> This works very well except when a real server/real client connects to its own backend interface via the lvs cluster ip.
> I'm guessing that the local host route means that instead of returning the traffic via the backend gateway on the lvs it tries to go directly locally.
> Tcpdump appears to support this guess and if I turn on martian logging I can see the traffic.
>  
> Initially I thought that reverse path filtering was preventing operation but the problem remained when it was disabled.
> Turning on routing had no beneficial effect either.
>  
> Ideally I would like to setup routing to override the local table when the policy routing rules are applied, but I'm not sure how.
> So far attempts to do this have failed.
>  
> Has anyone managed to do this?
>  
> It's more of a routing question so apologies for being slightly off topic.
>  
> Best Regards
>  
> Dean Scothern
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>  
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
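
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of what each real server sees in masq mode with and without SNAT. Host names and addresses are constructed, and the model assumes default Linux input validation, where a packet arriving from the wire with one of the receiver's own addresses as its source is dropped as a martian.

```python
"""Simplified model of the address rewriting discussed in this thread.
Added illustration, not kernel or LVS code; all addresses are constructed."""
from dataclasses import dataclass

DIRECTOR_BACKEND = "10.0.0.1"   # director's backend address (constructed)


@dataclass(frozen=True)
class Host:
    name: str
    frontend: str
    backend: str


HOSTS = [Host("rs1", "192.0.2.21", "10.0.0.21"),
         Host("rs2", "192.0.2.22", "10.0.0.22")]


def director_forward(client_ip, real_server, snat):
    """Masq mode rewrites VIP -> real server backend address. With SNAT the
    source is also rewritten to the director's backend address."""
    src = DIRECTOR_BACKEND if snat else client_ip
    return src, real_server.backend


def deliver(client, real_server, snat):
    src, dst = director_forward(client.frontend, real_server, snat)
    # Assumption: default Linux input validation, which drops a packet from
    # the wire whose source is one of the receiver's own addresses (martian).
    if src in (real_server.frontend, real_server.backend):
        return {"ok": False, "seen_src": src, "dst": dst,
                "note": "martian: source is local"}
    # What an IP access list or access log on the real server would see.
    hidden = src != client.frontend
    return {"ok": True, "seen_src": src, "dst": dst,
            "note": "client address hidden" if hidden else "client address visible"}


def matrix(snat):
    """Outcome for every (client, real server) pair."""
    return {(c.name, r.name): deliver(c, r, snat) for c in HOSTS for r in HOSTS}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on" if snat else "SNAT off")
        for pair, result in matrix(snat).items():
            print("  %s -> %s: %s" % (pair[0], pair[1], result))
```

Without SNAT only the self-connection pairs fail; with SNAT every pair is delivered, but the source seen by access lists and logs on the real server is always the director's address.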


