On Thu, 2008-09-04 at 17:43 -0500, David Dyer-Bennet wrote:
> After taking Xen out of the picture on the LVS node, and a failing attempt
> to use the "configure" script, setting up via piranha following the Redhat
> instructions sort of worked. I get connections to one realserver or the
> other, and other connections hang.

Aha, you may be better off asking the Piranha-related questions on the relevant Redhat mailing list(s):

https://www.redhat.com/mailman/listinfo/piranha-list
https://www.redhat.com/mailman/listinfo/linux-cluster

> None of the realservers can ping out. Is this normal? I'm using the NAT
> setup, partly because I thought it would allow the realservers to connect
> out (normal NAT setups that I'm familiar with support outward
> connections!). Once I get past basic testing, the applications on the
> realservers will have to connect to databases and things which aren't of
> course on the private network. Also the realservers currently have an
> interface directly connected to the outside network; shouldn't *that*
> provide outside connectivity? Or is it the source of my problems? Do the
> realservers *have to* be totally isolated behind the LVS nodes?

On the realservers, the default route *must* be via the notional "inside" interface of the director for LVS-NAT to work. If the default route goes a different way, then the traffic returning to the client is not un-NATted correctly and may result in a hung connection.

There is an exception, however: if the clients come from a small, known, pool of addresses (which may apply in your case) then there must be a route back from the clients to that network range (or those ranges) via the director so that un-NATting can happen.

Other traffic - such as that sourced from the realserver for example for OS updates - can go whichever way you want it to, and in fact I normally make it my practice to ensure that the traffic emanating from the realservers for this type of operation doesn't appear to come from the VIP anyway.

In summary: for NAT to work, traffic back to clients must go via the director.

Graeme

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
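
The routing rule in the reply above can be checked mechanically on a realserver. The following is an added example, not part of the original message: it does a longest-prefix match over `ip -4 route show` output to see whether replies to a given client leave via the director. All addresses, the sample tables and the function names are constructed, and it assumes only the main routing table matters (no policy routing, no metrics).

```python
import ipaddress

def parse_routes(text):
    """Parse `ip -4 route show` output into (network, gateway-or-None) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types not modelled here, e.g. "unreachable ..."
        gw = None
        if "via" in fields:
            gw = ipaddress.ip_address(fields[fields.index("via") + 1])
        routes.append((net, gw))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None if on-link or unrouted."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def replies_via_director(route_text, director_ip, client_ip):
    """True if traffic back to client_ip is handed to the director's inside address."""
    hop = next_hop(parse_routes(route_text), client_ip)
    return hop == ipaddress.ip_address(director_ip)

# Constructed sample tables. Director inside address: 192.168.10.1 (assumed).
DIRECTOR = "192.168.10.1"
# Default route leaves by the outside interface: replies bypass the director.
BROKEN = """default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.20
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.11"""
# Default route via the director's inside interface.
FIXED = """default via 192.168.10.1 dev eth1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.11"""
# The exception: a known client pool routed via the director, default elsewhere.
KNOWN_POOL = """default via 203.0.113.1 dev eth0
198.51.100.0/24 via 192.168.10.1 dev eth1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.11"""

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED), ("known pool", KNOWN_POOL)):
        print(name, replies_via_director(table, DIRECTOR, "198.51.100.25"))
```

On a live realserver the table text would come from `ip -4 route show`; a `False` result for a client address means its connections through the VIP can be expected to hang.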
