On Fri, Jul 02, 2010 at 09:48:20AM +0200, Anders Franzen wrote: > > > On Thu, 2010-07-01 at 16:05 +0200, Kristoffer Egefelt wrote: > > Hi list > > I've been working around this issue for years using split DNS, DNAT > > rules which bypasses LVS etc. - now I really need this to work the > > "correct" way, ie. realservers can connect to VIP's the exact same way > > internet clients can. > > > > While Graeme Fowler's solution at: > > > > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.lvs_clients_on_realservers.html#do_you_need_lvs_clients_on_the_realserver > > > > from 2005 probably works, it still seems (to me anyway ;) that this is > > a bit long-winded when dealing with a lot of realservers and VIP's. > > > > If anybody have found a better / easier solution, or can recommend > > which solution would be the best, I would be very interested. > > All kinds of solutions will be appreciated, including buying more > > interfaces, even lvs servers etc... > > > > Thanks :-)
I wonder if using Full NAT support, which I am trying to get merged, is an answer to this. http://archive.linuxvirtualserver.org/html/lvs-devel/2010-05/msg00000.html > I also have a problem with this, and doing it in a generic way, without > messing to much with the real-servers. > > I've seen somewhere that removing the VIP ownership from the LB and > using FW-mark to throw traffic at the LVS might help. > > I also think that LVS should be network name space aware, since that > would be one way of separating the realserver and LVS, this would help > when running realservers on the director so its not for your case. That does sound like it is worth investigating furhter. > And when I'm still on it, anybody know's why Julians send2self patch > never made it into the kernel. It is configurable per device so it > should not do any harm. > > I'm using it myself, but a tweeked it a bit inorder to be able to send > messages out on the interface owning the dest address instead of going > to loopback. > > Very useful if you want to have a centralized Firewalling and dont want > traffic between co-located applications bypass the fw. I believe a similar feature by Patrick McHardy was recently merged, though I can't remember the details at this moment. _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
