On Thursday, 17 October 2013, 08:48:23, Ulrich Windl wrote:
> Hi!
>
> I'm not subscribed to the list, so I hope someone will receive it anyway:
>
> I could pretty well use LVS for a load-balance, high-availability scenario
> like distributing SMTP requests to different servers, but the setup seems
> so complicated that I won't do.

OK. <Dear reader: please insert your own thoughts here>

> Reading the documentation, I felt that the
> NAT (masq) mechanism would be the most elegant for my requirements. However
> as it turned out it did not work (as for many others).

How did you get the impression that it does not work for many others?

> The reason is simple:

The reason, it does not work for _you_.

> LVS rewrites the destination TSAP (IP address and port), but it leaves the
> source TSAP unchanged. So any replies from a real server go to the original
> sender, instead of the LVS host.

Yes. This behaviour is well documented.

> The proposed solution is to set the LVS host as default gateway on any real
> server. This has several problems: 1) You create a SPoF on the LVS host
> 2) You create a network bottleneck on the LVS host (_all_ traffic from a
> real goes to the LVS host which must be a router) 3) If LVS host and real
> server are not in the same subnet, you cannot route from the real server to
> the LVS directly 4) You cannot have two different LVS hosts that use
> different services on the same real host

You hit the nail on the head.

> I really wonder why you don't rewrite the source TSAP (in addition to the
> destination TSAP) as well so that the sender of the packet seems to be the
> LVS host.

This feature is well documented here:
http://blog.loadbalancer.org/enabling-snat-in-lvs-xt_ipvs-and-iptables/

I think this is included already in later kernel versions. But google a little
bit.

> On a second rewrite the LVS destination TSAP would be rewritten
> to the original requester. I feel this would work like a charm: 1) The real
> server will reply to the LVS host automatically
> 2) Only LVS traffic needs to go through LVS host
> 3) LVS host does not need to be a router (after rewriting the destination, I
> think) 4) LVS host and real server can be in different subnets
> 5) You can use one real server from different LVS hosts
>
> Did I overlook something that makes this impossible or impractical?

No. That is why people implemented it already.

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0162) 1650044
Fax: (089) 620 304 13
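The address rewriting discussed in this thread, as an added toy model that is not part of the original messages and is not LVS code. It compares destination-only rewriting with destination-plus-source rewriting; all addresses, ports and names are constructed for illustration.

```python
# Added illustration: toy model of LVS-NAT rewriting (all values constructed).
from typing import NamedTuple

class Packet(NamedTuple):
    src: tuple  # (ip, port), the "TSAP" in the thread's wording
    dst: tuple

CLIENT = ("198.51.100.7", 40000)
VIP = ("203.0.113.10", 25)   # virtual SMTP service on the LVS host (director)
DIP = "10.0.0.1"             # director address facing the real servers
RIP = ("10.0.0.20", 25)      # real SMTP server

class Director:
    def __init__(self, snat):
        self.snat = snat
        self.conns = {}      # (real server, peer it saw) -> (VIP, client)
        self.next_port = 50000

    def forward(self, pkt):
        """Client -> VIP: rewrite the destination, optionally the source too."""
        src = pkt.src
        if self.snat:
            src = (DIP, self.next_port)
            self.next_port += 1
        out = Packet(src, RIP)
        self.conns[(out.dst, out.src)] = (pkt.dst, pkt.src)
        return out

    def reverse(self, reply):
        """Reply passing the director: restore VIP as source, client as dest."""
        vip, client = self.conns[(reply.src, reply.dst)]
        return Packet(vip, client)

def seen_by_real_server(snat):
    """Source address the real server logs for the connection."""
    return Director(snat).forward(Packet(CLIENT, VIP)).src

def round_trip(snat, rs_gateway_is_director):
    """Return the reply packet exactly as the client receives it."""
    d = Director(snat)
    seen = d.forward(Packet(CLIENT, VIP))
    reply = Packet(seen.dst, seen.src)   # real server answers the peer it saw
    via_director = reply.dst[0] == DIP or rs_gateway_is_director
    return d.reverse(reply) if via_director else reply

def client_accepts(reply):
    # The client only matches replies that come from the VIP it connected to.
    return reply == Packet(VIP, CLIENT)
```

With source rewriting the real server sees the director's address as its peer, so SMTP logs and IP-based access rules on the real server no longer see the client address.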
