[lvs-users] multi-port persistence for http/https - unclear documentation

Tomasz Chmielewski mangoo at wpkg.org
Sun Nov 25 00:48:13 GMT 2012


Hi,

I'm trying to follow the documentation here to set up multi-port (http/https) persistence, with LVS-DR:

1) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html
2) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.fwmark.html#e-commerce_fwmark


However, it doesn't make much sense to me.

First, 2), under "25.6.2. iptables for 2.4 director" mentions:

director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
	--dport http -j MARK --set-mark 2
director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
	--dport https -j MARK --set-mark 2

This would set the *same* mark 2 for ports 80 and 443.

Then, how will LVS distinguish between what needs to be sent where?

I.e. this snippet of ldirectord config:

virtual = 2
     protocol = fwm
     scheduler = wlc
     persistent = 300
     real = server1:80 gate 20
     real = server2:80 gate 20
     real = server3:80 gate 20
     real = server4:80 gate 20
     virtualhost = example.com
     request = "/ping/"
     receive = "ALIVE"
     service = http


will cause the traffic to be sent to port 80.

But it will also send there (to port 80) all traffic incoming to port 443, since it has the same mark.

So:
- connections to port 80 will go to some realserver, port 80 (good)
- connections to port 443 will go to some realserver, port 80 (bad!)


Can you point out where my reasoning is incorrect, and how I should use LVS to make sure traffic for 80/443 is always sent to the same real server?



-- 
Tomasz Chmielewski
http://blog.wpkg.org



