[lvs-users] multi-port persistence for http/https - unclear documentation

Tomasz Chmielewski mangoo at wpkg.org
Sun Nov 25 11:52:29 GMT 2012


On 11/25/2012 03:12 AM, David Coulson wrote:
>
> If you use gateway/DR mode, it will not rewrite the IP packet (just
> the Ethernet headers to send it to the real server). So it will go
> to the same port (as well as destination IP) as the original packet.
>
> Did you actually try the config and have a problem, or are you just
> assuming it won't work?

Hi,

With my current setup, I'm pretty sure port :80 may get directed to one 
realserver, while port :443 may be directed to a different one.

I use marking in iptables, since some directors may be realservers, too.
My ldirectord config is as follows (251 and 2510 - marks made with 
iptables):

virtual = 251
      protocol = fwm
      scheduler = wlc
      persistent = 300
      real = server1:80 gate 20
      real = server2:80 gate 20
      real = server3:80 gate 20
      real = server4:80 gate 20
      virtualhost = example.com
      request = "/ping/"
      receive = "ALIVE"
      service = http

virtual = 2510
      protocol = fwm
      scheduler = wlc
      persistent = 300
      real = server1:443 gate 20
      real = server2:443 gate 20
      real = server3:443 gate 20
      real = server4:443 gate 20
      virtualhost = example.com
      request = "/ping/"
      receive = "ALIVE"
      service = https


Am I correct to think that to use multi-port persistence, I'd have to 
use just one iptables mark, and the following ldirectord config:

virtual = $NEW_MARK
      protocol = fwm
      scheduler = wlc
      persistent = 300
      real = server1:0 gate 20
      real = server2:0 gate 20
      real = server3:0 gate 20
      real = server4:0 gate 20
      virtualhost = example.com
      request = "/ping/"
      receive = "ALIVE"
      service = https


(basically, one mark in iptables, and :0 as a port in ldirectord config).

Let me know if that would be correct?


-- 
Tomasz Chmielewski
http://blog.wpkg.org
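
Added example (not part of the original post, and not LVS or ldirectord code): a simplified Python model of IPVS persistence in which each fwmark virtual service keeps its own client-to-realserver templates, replaying the two-mark setup from the post against a single shared mark. Round-robin stands in for wlc, the client addresses are constructed, and mark 1 is a placeholder for $NEW_MARK.

```python
import itertools

REALSERVERS = ["server1", "server2", "server3", "server4"]

class VirtualService:
    """One fwmark virtual service with its own persistence templates."""
    def __init__(self, realservers, persistent=300):
        self.persistent = persistent                # seconds, as in "persistent = 300"
        self.templates = {}                         # client IP -> (realserver, expiry)
        self._pick = itertools.cycle(realservers)   # round-robin stand-in for wlc

    def schedule(self, client_ip, now):
        rs, expiry = self.templates.get(client_ip, (None, 0))
        if rs is None or expiry <= now:             # no template, or it has expired
            rs = next(self._pick)
        self.templates[client_ip] = (rs, now + self.persistent)  # (re)arm the timer
        return rs

class Director:
    """Maps destination port -> fwmark (the iptables step), then mark -> service."""
    def __init__(self, port_to_mark):
        self.port_to_mark = port_to_mark
        self.services = {mark: VirtualService(REALSERVERS)
                         for mark in set(port_to_mark.values())}

    def connect(self, client_ip, dport, now=0):
        return self.services[self.port_to_mark[dport]].schedule(client_ip, now)

def replay(port_to_mark):
    """Return the realservers one client gets for :80 and then :443."""
    director = Director(port_to_mark)
    director.connect("198.51.100.10", 80)           # constructed: another client on :80 first
    http = director.connect("203.0.113.7", 80)      # constructed client under test
    https = director.connect("203.0.113.7", 443)
    return http, https

if __name__ == "__main__":
    print("two marks:", replay({80: 251, 443: 2510}))   # marks from the post
    print("one mark: ", replay({80: 1, 443: 1}))        # 1 = placeholder for $NEW_MARK
```

With two marks the schedulers and template tables are independent, so the same client can land on different realservers for :80 and :443; with one mark the :443 connection reuses the template created by the :80 connection.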
