Thanks for the response, Patrick. What I have in mind to do is rather unconventional and I wasn't sure how the lvs rules interact with iptables ... does the traffic hit the LVS rules first or iptables rules? That sort of thing.
The idea will be to have a virtual IP and to load balance the traffic on one port of that IP address to a server farm. All other traffic to that IP would be forwarded to another load balancer.

Looking in the docs at such commands as this:

    ippfvsadm -A -t 202.103.106.5:21 -R 172.16.0.3:21

It seemed like the ippfvsadm rule looks suspiciously like iptables and I was wondering if it replaced iptables or exactly where it fits in from the perspective of traffic flow.

So basically, I need to:

1. Load balance traffic on 192.0.2.1 port 1234
2. Destination NAT all other traffic on 192.0.2.1 to 192.0.2.2 and forward it
3. SNAT load balanced traffic to real servers because >65,000 connections.

So it looks like I have my work cut out for me for a while.

On Thu, Mar 10, 2011 at 1:01 AM, Patrick Schaaf <[email protected]> wrote:
>
> The source NAT would be iptables job. Sidestepping the question of
> iptables SNAT working with LVS connections, which is a general topic by
> itself, such "address pooling" can be done by making several iptables
> rules in the nat POSTROUTING chain, each of them matching by some
> criteria a subset of all traffic.
>
> I use both of the following schemes, in an outbound (non-LVS) scenario,
> the first one where I want a real source to always be represented by a
> fixed specific changed source address, the second one where I want even
> a single source to use several outgoing source addresses randomly, per
> connection:
>
> By source IP address, four-way, looking at the last two bits of the real
> source:
>
> -A POSTROUTING -s 0.0.0.0/0.0.0.3 -j SNAT --to-source 1.2.3.1
> -A POSTROUTING -s 0.0.0.1/0.0.0.3 -j SNAT --to-source 1.2.3.2
> -A POSTROUTING -s 0.0.0.2/0.0.0.3 -j SNAT --to-source 1.2.3.3
> -A POSTROUTING -s 0.0.0.3/0.0.0.3 -j SNAT --to-source 1.2.3.4
>
> By IP Id, eight way
>
> -A POSTROUTING -m u32 --u32 0x2&7=0x0 -j SNAT --to-source 1.2.4.1
> -A POSTROUTING -m u32 --u32 0x2&7=0x1 -j SNAT --to-source 1.2.4.2
> -A POSTROUTING -m u32 --u32 0x2&7=0x2 -j SNAT --to-source 1.2.4.3
> -A POSTROUTING -m u32 --u32 0x2&7=0x3 -j SNAT --to-source 1.2.4.4
> -A POSTROUTING -m u32 --u32 0x2&7=0x4 -j SNAT --to-source 1.2.4.5
> -A POSTROUTING -m u32 --u32 0x2&7=0x5 -j SNAT --to-source 1.2.4.6
> -A POSTROUTING -m u32 --u32 0x2&7=0x6 -j SNAT --to-source 1.2.4.7
> -A POSTROUTING -m u32 --u32 0x2&7=0x7 -j SNAT --to-source 1.2.4.8
>
> hope this helps
> Patrick
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
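An added example, not part of the original thread: a small Python model of how the two quoted rule sets pick a source address, useful for checking a pooling scheme before loading it. The helper names and the sample packets are constructed for illustration, and the `--u32` parser handles only the simple `OFFSET&MASK=VALUE` form used in the quoted rules.

```python
import ipaddress
import struct

# Rule text regenerated in the same form as the quoted reply.
BY_SRC = "\n".join(
    f"-A POSTROUTING -s 0.0.0.{i}/0.0.0.3 -j SNAT --to-source 1.2.3.{i + 1}"
    for i in range(4))
BY_ID = "\n".join(
    f"-A POSTROUTING -m u32 --u32 0x2&7=0x{i:x} -j SNAT --to-source 1.2.4.{i + 1}"
    for i in range(8))

def ipv4_header(src, dst, ip_id):
    """Constructed 20-byte IPv4 header (checksum 0; irrelevant to matching)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def match_src(header, spec):
    """-s ADDR/MASK matches when (source & MASK) == ADDR; the mask may be
    non-contiguous, which is what lets 0.0.0.3 select the last two bits."""
    addr, mask = (int(ipaddress.IPv4Address(p)) for p in spec.split("/"))
    return struct.unpack("!I", header[12:16])[0] & mask == addr

def match_u32(header, expr):
    """--u32 OFF&MASK=VAL reads 4 bytes at OFF. At offset 2 these are total
    length (bytes 2-3) and IP ID (bytes 4-5), so mask 7 keeps the low ID bits."""
    loc, val = expr.split("=")
    off, mask = (int(x, 0) for x in loc.split("&"))
    return struct.unpack("!I", header[off:off + 4])[0] & mask == int(val, 0)

def snat_source(header, rules):
    """Return --to-source of the first matching rule, or None."""
    for line in rules.splitlines():
        tok = line.split()
        opts = dict(zip(tok[0::2], tok[1::2]))
        if "-s" in opts and not match_src(header, opts["-s"]):
            continue
        if "--u32" in opts and not match_u32(header, opts["--u32"]):
            continue
        return opts["--to-source"]
    return None

if __name__ == "__main__":
    for ip_id in (0x1234, 0x1235):  # same constructed source, two IP IDs
        h = ipv4_header("10.0.0.6", "192.0.2.1", ip_id)
        print(hex(ip_id), snat_source(h, BY_SRC), snat_source(h, BY_ID))
```

The first scheme returns the same address for a given source regardless of IP ID, while the second varies with the ID of the packet that the nat table sees.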
