[lvs-users] about NAT return path

Martin Wheldon martin.wheldon at greenhills-it.co.uk
Mon Feb 2 10:22:43 GMT 2015


Hi,

Yes, with the SNAT on the real server you should be fine.

Best Regards

Martin

On 2015-02-02 10:12, Yonghua Peng wrote:
> Martin,
>
> What I meant is, the incoming packages implement DNAT by LVS, then
> forward to realserver.
> The outgoing packages implement SNAT, then forward to client.
> Since host A and B have the same VIP (managed by OSPF), after the 
> SNAT,
> the packages seem to be from the same host. Client shouldn't drop 
> them.
>
> Am I right?
> Thanks.
>
>
>   Martin Wheldon wrote:
>> Hi,
>>
>> The DNAT would still need to be reversed. The client will otherwise
>> drop
>> the packet as it won't be from the host it started the connection 
>> with.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>> If it's just a DNAT forwarding for the incoming packet, I don't 
>>> think
>>> LVS host has to keep the status of the connection.
>>> I am probably wrong, just by curious. And I will test for it.
>>>
>>> Thanks.
>>>
>>> Martin Wheldon wrote:
>>>> Hi,
>>>>
>>>> Because there will be no entry in the NAT table on the second host
>>>> so
>>>> it won't know how to deal with the return packet.
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>> Can you tell me why the realserver should use host A as the
>>>>> gateway?
>>>>> since host A and B have the same configure, and share the same 
>>>>> VIP,
>>>>> I
>>>>> was thinking both A and B can be setup as the gateway.
>>>>>
>>>>> Thanks.
>>>>>
>>>>>     Ivan Havlicek wrote:
>>>>>> No, if a transaction start via LVS host A, the realserver need 
>>>>>> to
>>>>>> use
>>>>>> this host as gateway to respond.
>>>>>> This is the normal for a NAT.
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users at LinuxVirtualServer.org
>>>>> Send requests to lvs-users-request at LinuxVirtualServer.org
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users at LinuxVirtualServer.org
>>>> Send requests to lvs-users-request at LinuxVirtualServer.org
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users at LinuxVirtualServer.org
>>> Send requests to lvs-users-request at LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list - 
>> lvs-users at LinuxVirtualServer.org
>> Send requests to lvs-users-request at LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - 
> lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf4d55101351582769714!




More information about the lvs-users mailing list