[lvs-users] multi-port persistence for http/https - unclear documentation

David Coulson david at davidcoulson.net
Sun Nov 25 01:12:44 GMT 2012


If you use gateway/DR mode, it will not rewrite the IP packet (just the Ethernet headers to send it to the real server). So it will go to the same port (as well as destination IP) as the original packet.

Did you actually try the config and have a problem, or are you just assuming it won't work?

David


On Nov 24, 2012, at 7:48 PM, Tomasz Chmielewski wrote:

> Hi,
> 
> I'm trying to follow the documentation here to set up multi-port (http/https) persistence, with LVS-DR:
> 
> 1) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html
> 2) http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.fwmark.html#e-commerce_fwmark
> 
> 
> However, it doesn't make much sense to me.
> 
> First, 2), under "25.6.2. iptables for 2.4 director" mentions:
> 
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
> 	--dport http -j MARK --set-mark 2
> director:# iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 192.168.2.110/32 \
> 	--dport https -j MARK --set-mark 2
> 
> This would set the *same* mark 2 for ports 80 and 443.
> 
> Then, how will LVS distinguish between what needs to be sent where?
> 
> I.e. this snippet of ldirectord config:
> 
> virtual = 2
>     protocol = fwm
>     scheduler = wlc
>     persistent = 300
>     real = server1:80 gate 20
>     real = server2:80 gate 20
>     real = server3:80 gate 20
>     real = server4:80 gate 20
>     virtualhost = example.com
>     request = "/ping/"
>     receive = "ALIVE"
>     service = http
> 
> 
> will cause the traffic to be sent to port 80.
> 
> But it will also send there (to port 80) all traffic incoming to port 443, since it has the same mark.
> 
> So:
> - connections to port 80 will go to some realserver, port 80 (good)
> - connections to port 443 will go to some realserver, port 80 (bad!)
> 
> 
> Can you point out where my reasoning is incorrect, and how I should use LVS to make sure traffic for 80/443 is always sent to the same real server?
> 
> 
> 
> -- 
> Tomasz Chmielewski
> http://blog.wpkg.org
> 
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> 
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
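
The behaviour discussed in this thread, as an added example that is not part of either message or of LVS itself: a toy Python model of a director in DR mode with the fwmark rules and `persistent = 300` from the quoted config. The `Director` class, the least-connections stand-in for `wlc`, the refresh-on-use template timer and the client addresses in the usage are assumptions made for illustration.

```python
# Toy model of IPVS fwmark persistence in LVS-DR mode (added illustration, not LVS code).
from dataclasses import dataclass

VIP = "192.168.2.110"            # VIP from the iptables rules in the thread
MARKED_PORTS = {80: 2, 443: 2}   # --dport http / https -> --set-mark 2
REAL_SERVERS = ["server1", "server2", "server3", "server4"]
PERSIST_SECS = 300               # persistent = 300


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


class Director:
    def __init__(self):
        self.templates = {}                       # (client IP, fwmark) -> (server, expiry)
        self.conns = {s: 0 for s in REAL_SERVERS}

    def mangle_prerouting(self, pkt):
        """Return the fwmark the mangle rules would set, or None if unmarked."""
        if pkt.dst == VIP:
            return MARKED_PORTS.get(pkt.dport)
        return None

    def forward(self, pkt, now):
        """Return (real server, dst IP, dst port) as the real server sees the packet."""
        mark = self.mangle_prerouting(pkt)
        if mark is None:
            return None                           # not part of the fwmark virtual service
        key = (pkt.src, mark)                     # the destination port is not in the key
        entry = self.templates.get(key)
        if entry is None or entry[1] <= now:
            # Assumption: equal weights, so wlc is modelled as plain least-connections.
            server = min(REAL_SERVERS, key=lambda s: self.conns[s])
        else:
            server = entry[0]
        self.templates[key] = (server, now + PERSIST_SECS)
        self.conns[server] += 1
        # DR ("gate"): only the Ethernet destination changes, so the real server
        # receives the original destination IP and TCP port.
        return (server, pkt.dst, pkt.dport)
```

In this model one client's port 80 and port 443 connections reach the same real server, each on the port the client originally used, which is the behaviour David describes for gateway/DR mode.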




