On Thu August 23 2007 03:45, Jeff Williams wrote:
> Philippe Teuwen wrote:
> >
> >> Thanks, but I don't want to create a private network between the
> >> vservers, rather, I want to assign some ip addresses to one of the
> >> vservers that none of the other vservers will send to directly (not even
> >> via the host). I can't see how I can do this.
> >>
> > private addresses not visible even by the host, that's really the
> > problem...
> >> The scenario is this:
> >>
> >> I have a load balancer (lb) sitting in front of some servers, one of
> >> which is a vserver host. One of the load balanced services is mail, and
> >> it has the virtual IP of 4.3.2.1 on lb. The vserver host contains 2
> >> vservers: one for web with ip 1.2.3.4 and one for mail with ip 1.2.3.5.
> >> There is a separate mail server with ip 1.2.3.6. Mail traffic coming to
> >> the ip 4.3.2.1 gets distributed between 1.2.3.5 and 1.2.4.6. These
> >> servers need to have a hidden interface with the ip 4.3.2.1 so that they
> >> accept the packets forwarded by lb.
> >>
> > How is this distribution done when you have physically distinct servers?
> > lb forwards packets to ip 4.3.2.1 and mac of 1.2.3.x? even if lb has
> > itself such 4.3.2.1 ip?
> Yes. The lb has the 4.3.2.1 on the customer facing interface and it drops
> the packets onto the 1.2.3.* network with the dest ip of 4.3.2.1 and the
> mac address of the dest server. Requires the lb and real server to be on
> the same layer 2 network.
> >
> > Another idea:
> > Could you do load balancing via ports rather than macs?
> >
> > lb, A and B have all the same IP 4.3.2.1
> > vservers A and B run your mail service respectively on ports 2501 and
> > 2502.
> > lb accepts external packets on port 25 and forwards them to "itself" on
> > port 2501 or 2502.
> This doesn't really work. For the mail vserver to get the packet the
> vserver host needs to accept packets for 4.3.2.1 and forward them to the
> mail vserver. Once it does this, it will also route all packets from the
> other vservers to the mail vserver.
>
Do I understand what you are saying?
The first packet causes the MAC address to be entered in the address resolution
table, and once that happens (MAC in AR table) that lookup becomes the controlling
routing?
I think that is the way it is supposed to work, but might be wrong, NAE.
It sounds like you need the same mechanism used to spread the load between
two dial-up lines - both have the same end-point IPs but different MAC addresses.
In addition to assigning an IP(s) to a vserver instance, can you also assign
MAC(s) to a vserver instance? Then, if nothing else, use the bridge tables
to get the desired routing?
After all, it is the MAC that identifies the machine/interface - should it
not also identify the machine/vserver?
Mike
>
> Note that when the packet is addressed to 4.3.2.1 you need to use the
> mac address, otherwise the packet will not leave the lb.
>
> Ports don't help as they only come into it after the host has been
> found.
>
> Regards,
> Jeff
>
>
Received on Thu Aug 23 13:28:34 2007