Re: [vserver] Loopback issues

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Sat 01 Sep 2007 - 01:11:07 BST
Message-ID: <20070901001107.GB11052@MAIL.13thfloor.at>

On Mon, Aug 27, 2007 at 11:21:15AM +0800, Jeff Williams wrote:
> Herbert Poetzl wrote:
> >
> >> Mike
> >>
> >>> Note that when the packet is addressed to 4.3.2.1 you need to use
> >>> the mac address, otherwise the packet will not leave the lb.
> >>>
> >>> Ports don't help as they only come into it after the the host has
> >>> been found.
> >>>
> >
> > in general, you might want to look into the details for
> > the linux network stack and rethink your setup, because
> > it sounds like you actually want higher network overhead
> > to satisfy a theoretical setup with not too much practical
> > purpose ... YMMV

I had to copy back in this part, as somebody removed
it along the way (of this thread :)

>> The scenario is this:
>>
>> I have a load balanacer (lb) sitting in front of some servers, one of
>> which is a vserver host. One of the load balanced services is mail, and
>> it has the virtual IP of 4.3.2.1 on lb. The vserver host contains 2
>> vservers: one for web with ip 1.2.3.4 and one for mail with ip 1.2.3.5.
>> There is a separate mail server with ip 1.2.3.6. Mail traffic coming to
>> the ip 4.3.2.1 gets distributed between 1.2.3.5 and 1.2.4.6. These
>> servers need to have a hidden interface with the ip 4.3.2.1 so that they
>> accept the packets forwarded by lb.

> I am just trying to work out a way of getting vservers to work with our
> existing load balancing setup. If we call the IPs for services on the
> load balancer "virtual" and the machines actually providing those
> services "real", then our current setup requires that the virtual IP
> from the load balancer also exists on the real server on a private (not
> responding the arps) interface. This is the equivalent of
> http://www.linuxvirtualserver.org/VS-DRouting.html.

assuming the description given above is accurate, the
problems you try to solve are like this (correct me if
I'm wrong)

 - mail server A (192.168.1.25) on the Host X
 - mail server B (192.168.2.25) on a separate Machine (Y)
 - web server (192.168.1.80) on the same Host X
 - load balancer which uses 10.0.0.25 for both mail servers
   (separate hardware, not on Host, Z)

and the web server, should use the 10.0.0.25 to reach
_a_ mail server, which will be decided by the load balancer
(could be 192.168.1.25 or 192.168.2.25)

IMHO, to achieve this, only a few things are necessary:

 - assign the 10.0.0.25 IP to the loadbalancer
 - assign the 192.168.x.25 ips to the mail servers
 - have the web server use the 10.0.0.25 IP
 - have the load balancer distribute (and of course
   track and NAT) 10.0.0.25 to the 192.168.x.25 ips

so, this doesn't involve any special setup on the Host
(Linux-VServer or network wise) to get the desired effect,
unless, you want to put the load balancer on the same
Host, which makes it a different game to play ...

please try to describe the problem in more detail,
and/or try to give some arguments for this specific
setup, whatever it might be ...

TIA,
Herbert

> The idea of the non-arp interface is that the real servers will accept
> traffic bound for the virtual IP, but not announce the IP to other real
> servers, and therefore not receive the traffic directly. When the real
> server is a vserver, the vserver host routes all traffic from any of the
> vservers to the real server, avoiding the load balancer. I understand
> _why_ this happens on the vserver host, but I need some practical way of
> getting the load balancing to work. So this means either 1) keeping the
> load balancer setup and doing something to the networking on the vserver
> host so that traffic to the virtual IP's goes out on the wire, or 2)
> Changing the load balancing setup to something that works more easily
> with vserver. Help towards either of these goals is much appreciated:)
>
> In the meantime, I'll be trying to get 1) working using the iptables
> route rules from Thomas Weber's thread.
>
> Jeff
Received on Sat Sep 1 01:11:18 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 01 Sep 2007 - 01:11:23 BST by hypermail 2.1.8