Hello LVS Community. I have been searching interweb and reading the lists for a few days now and have yet to find concrete examples on how to do what I have in my head.
I already have a stable production environment using LVS DR with Keepalived. As of now I am only using VIPs for HTTP, SMTP, HTTPS and other well known services. There is a project on the table requiring the addition of VPN real servers to the network. The idea is have VPN clients connect to a VIP and terminate their VPN connections with the VPN real servers behind the LVS (tunnel mode). I would like to load balance these incoming IPSEC connections to the VPN servers on the internal network. For example, client one terminates a VPN connection to VPN1, client two terminates a VPN connection to VPN2, client three terminates a VPN connection to VPN1, and so on. The LVS is not going to run IPSEC VPN software only route and distribute the traffic. >From what I understand in order to have the LVS load balance IPSEC client requests I will need to recompile the Linux Kernel and add "ESP load balancing support (IP_VS_PROTO_ESP)"? Please correct me if I am wrong here. If this is so then it is not an option I can chose and will have to move on to the next plan. Another option I read about was to use iptables FWARK on the LVS. The examples show only TCP services. I can't find any configuration with someone passing protocol 50, UDP 4500 and 500 through the LVS to one or more real servers. Can someone share a detailed configuration or point me to some detailed documentation? Thanks in advanced. HM _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
