About this list Date view Thread view Subject view Author view Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 07 Sep 2005 - 03:05:16 BST


On Tue, Sep 06, 2005 at 07:04:46PM +0200, Yann Dupont wrote:
> Or I hope, not so...
>
> Well this question is not purely vservers-related, this is more a
> routing problem.
> Anyway i'm trying here before going to netdev or so...
>
> The context :
> I'm deploying a LVS cluster at the moment. The realservers ARE vservers.
>
> All my vservers have 2 @IP ; One for responding to the LVS director,
> the other for anything else.
>
> I have 4 mostly identical hosts, with some vservers (almost identical on
> the 4 hosts) deployed in :
> webmail, ldap, imap servers.
>
> They have 192.xx for eth0 (the LVS side)
> and 172.xx for eth1 (The Intranet side)
>
> The LVS has virtual IP public 172.yy and a different port for each service.
> and also 192.xx network for the realserver side.
>
> The Intranet side of the vservers (172.xx) and the Virtual IP of the VS
> (172.yy) are not on the same network, there is a routeur between them.
>
> I use different tables for the routing (ip rule) on the host and in
> general, this is working well, EXCEPT for one case :
> Let's go for a scenario:
>
> The problem is when a vserver (say the webmail) is serving a client.
> The connection is initiated by a client, via the LVS director. the
> vserver is serving the request via eth0 (LVS side), because of an ip
> rule. that's ok.
> then he needs to authentifiate on the LDAP, which is also an LVS
> service. The request go via eth1 , and is routed to the LVS director.
> We go via LVS for the second time. The LVS directs this request on 1
> of the 4 realservers(vserver) and masquerade the destination to the
> realserver choosen.
>
> If the realserver choosen is on the same physical machine that the
> client (the webmail), then there is a problem :
>
> I have a direct route beetween the 2, because the 2 vservers (the
> client & the realserver) are on the same host.
> And no matter what ip rule I can put, the rule 0 (the local table)
> still seems to have precedence and WANT to make a direct routing.
>
> With this direct routing, the packet isn't demasqueraded , and the
> packet is dropped.
>
> I'm quite sure there is an easy way to treat that but I'm stuck :(
>
> Removing the network (172.xx) on the local table isn't enough, because
> I still have the local @IP on table 0.
> If iI try to remove the IP on local table, I have some strange error
> messages (oops ?) from the kernel ...
> And definitivelu lose the routing, even if put thoses routes on another
> table ... Is this table 0 so special ??

yes, the local table is _very_ special and entries there
are handled special too ...

> IS there someone here that has a slight idea how to solve that kind of
> problem ??

you might have a look at the thread around this one:

 http://list.linux-vserver.org/archive/vserver/msg09838.html

> I can provide much more details, as this mail is probably not very
> easy to understand.

> Any help would be greatly appreciated.

HTH,
Herbert

> --
> Yann Dupont, Cri de l'université de Nantes
> Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont_at_univ-nantes.fr
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 07 Sep 2005 - 03:05:42 BST by hypermail 2.1.3