
From: Yann Dupont (Yann.Dupont_at_univ-nantes.fr)
Date: Tue 06 Sep 2005 - 18:04:46 BST


Or I hope, not so...

Well this question is not purely vservers-related, this is more a
routing problem.
Anyway, I'm trying here before going to netdev or so...

The context:
I'm deploying an LVS cluster at the moment. The realservers ARE vservers.

All my vservers have 2 IP addresses: one for responding to the LVS director,
the other for anything else.

I have 4 mostly identical hosts, with some vservers (almost identical on
the 4 hosts) deployed in :
webmail, ldap, imap servers.

They have 192.xx for eth0 (the LVS side)
and 172.xx for eth1 (The Intranet side)

The LVS has a public virtual IP 172.yy and a different port for each service,
and also the 192.xx network for the realserver side.

The Intranet side of the vservers (172.xx) and the Virtual IP of the VS
(172.yy) are not on the same network; there is a router between them.

I use different tables for the routing (ip rule) on the host and in
general, this is working well, EXCEPT for one case.
Let's go for a scenario:

The problem is when a vserver (say the webmail) is serving a client. The
connection is initiated by a client, via the LVS director.
The vserver is serving the request via eth0 (LVS side), because of an ip
rule. That's OK.
Then it needs to authenticate on the LDAP, which is also an LVS service.
The request goes via eth1, and is routed to the LVS director.
We go via LVS for the second time.
The LVS directs this request to 1 of the 4 realservers (vservers) and
masquerades the destination to the realserver chosen.

If the realserver chosen is on the same physical machine as the
client (the webmail), then there is a problem:

I have a direct route between the 2, because the 2 vservers (the client
& the realserver) are on the same host.
And no matter what ip rule I put, the rule 0 (the local table) still
seems to have precedence and WANTS to make a direct routing.

With this direct routing, the packet isn't demasqueraded, and the
packet is dropped.

I'm quite sure there is an easy way to treat that but I'm stuck :(

Removing the network (172.xx) from the local table isn't enough, because I
still have the local IP address in table 0.
If I try to remove the IP from the local table, I get some strange error
messages (oops?) from the kernel...
And I definitely lose the routing, even if I put those routes in another
table... Is this table 0 so special??

Is there someone here who has a slight idea how to solve that kind of
problem??

I can provide much more details, as this mail is probably not very easy
to understand.

Any help would be greatly appreciated.

-- 
Yann Dupont, Cri de l'université de Nantes
Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont_at_univ-nantes.fr
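
Added example, not part of the original post: a simplified Python model of Linux policy-routing lookup, showing the behaviour the message describes, where the priority-0 local rule answers before any custom ip rule is consulted. All addresses, the table name `lvs` and the priority-100 rule are constructed assumptions, since the post elides its real ones.

```python
import ipaddress

# Constructed addresses: the post elides its own as 192.xx / 172.xx.
WEBMAIL_ETH1 = "172.16.1.10"   # webmail vserver, intranet side (the LDAP client)
LDAP_ETH0 = "192.168.0.20"     # LDAP vserver, LVS side, on the same host
DIRECTOR = "192.168.0.1"       # LVS director, realserver side

# Routing tables as (prefix, action) lists. The kernel fills "local" with one
# host route per address configured on the box, whatever vserver owns it.
TABLES = {
    "local": [(WEBMAIL_ETH1 + "/32", "deliver locally"),
              (LDAP_ETH0 + "/32", "deliver locally")],
    "lvs":   [("0.0.0.0/0", "via " + DIRECTOR + " dev eth0")],
    "main":  [("192.168.0.0/24", "dev eth0"), ("172.16.1.0/24", "dev eth1"),
              ("0.0.0.0/0", "via 172.16.1.254 dev eth1")],
}

def default_rules():
    # (priority, source selector, table); priority 0 is the built-in local rule.
    return [(0, "0.0.0.0/0", "local"),
            (100, "192.168.0.0/24", "lvs"),   # hypothetical "reply via director" rule
            (32766, "0.0.0.0/0", "main")]

def lookup(src, dst, rules):
    """Walk rules by ascending priority; the first table holding a route wins."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue
        matches = [(ipaddress.ip_network(p), a) for p, a in TABLES[table]
                   if dst_ip in ipaddress.ip_network(p)]
        if matches:  # longest prefix wins inside one table
            net, action = max(matches, key=lambda m: m[0].prefixlen)
            return prio, table, action
    return None

def demo():
    rules = default_rules()
    return {
        # LDAP reply to a client elsewhere on the intranet: back via the director.
        "remote": lookup(LDAP_ETH0, "172.16.3.7", rules),
        # LDAP reply to the webmail vserver on the same host: caught by rule 0.
        "same_host": lookup(LDAP_ETH0, WEBMAIL_ETH1, rules),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In this model the same-host reply never reaches the director, so the address rewrite done on the way in is not undone on the way back.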

Generated on Tue 06 Sep 2005 - 18:05:13 BST by hypermail 2.1.3