hi ip_vs* developers .. i am new to this mailing list and i'd just like to say first, that linuxvirtualserver.org is an awesome project .. but back to business now.
i am setting up a load balancer for some services and have no problem with configuration when balancing between two different subnets, but i am utterly unable to set it up if i want to balance in just one subnet .. my common sense says to me, that for one subnet i should use a SNAT, but it completely omits the snat POSTROUTING rules and balanced packets come to the targets with the original client ip address .. i have the following configuration:

# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.60.252:ldap rr persistent 360
  -> 192.168.100.11:ldap          Masq    1      0          0
  -> 192.168.100.12:ldap          Masq    1      0          0
TCP  192.168.60.252:http rr persistent 360
  -> 192.168.60.78:http           Masq    1      0          1

^^ ldap works for me fine. Weird is, that i am using the -m (masquerade) method even though i have completely no masquerade for the *:ldap service .. it's not working with the default gateway method .. but it doesn't hurt since it works fine for me ..

the *:http service simply does not work with snat with this rule:

iptables -t nat -I POSTROUTING -p tcp -d 192.168.60.78 --dport 80 -j SNAT --to-source 192.168.60.252

which can be listed using this:

# iptables -t nat -L | sed '/POSTROU/,/^$/!d'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  anywhere             192.168.60.78       tcp dpt:http to:192.168.60.252

.. but anyway this rule is completely omitted and snoop on the target server shows:

# snoop -d vnet1 port 80
Using device vnet1 (promiscuous mode)
192.168.60.201 -> 192.168.60.78 HTTP C port=51620
192.168.60.78 -> 192.168.60.201 HTTP R port=51620
192.168.60.201 -> 192.168.60.78 HTTP C port=51620

.. which indicates, that the target server tries to reply to the client without using snat on the balancer .. any help or suggestion will be very appreciated ..
thanks and regards
ave, daniel
