Can you show me or point me to the packet flow diagram which describes where ipvs hooks up to the incoming packets and where iptables/netfilter hook up to the packets.
On Fri, Feb 13, 2009 at 1:40 AM, Graeme Fowler <[email protected]> wrote: > On Thu, 2009-02-12 at 18:06 -0800, Praveen Sooryanarayana wrote: > > Yes, it's on the real servers. And the LVS also works fine. > > But... > > > Also, if I send requests to <Virtual ip>:8080, everything works fine. > > Your original message says: > > > Output of ipvsadm -L -n: > > > > IP Virtual Server version 1.2.1 (size=4096) > > Prot LocalAddress:Port Scheduler Flags > > -> RemoteAddress:Port Forward Weight ActiveConn InActConn > > TCP 10.10.50.100:8080 rr > > -> 10.10.50.11:8080 Route 1 0 0 > > -> 10.10.50.12:8080 Local 1 0 0 > > ...and... > > > iptables -t nat -A PREROUTING -p tcp -d 10.10.50.100 --dport 80 -j > > DNAT --to 10.10.50.100:8080 > > Taken together, this implies that the rule is running on the *director* > and not on the realservers such that an incoming packet to the VIP hits > the director on port 80, gets mapped to 8080 and then load balanced > (this is what you want, isn't it?). > > It won't work on a number of counts: > > 1. netfilter and ipvs hook packets in different places in the traffic > flow. It's rarely possible to mangle a packet with DNAT and then get > ipvs to pick it up, because the packet has already traversed the ipvs > hook and been missed [Joe, remind me sometime to work up that packet > flow diagram]. > > 2. You're using gate, or LVS-DR. This means the realservers respond > directly to the clients - and if they're responding from port 8080, the > responses will be ignored by the clients as they expect a response from > port 80. > > I'd say that in this case, although it increases the complexity a bit, > you'd be better off making Tomcat listen on port 80 or make use of > Apache's mod_jk to hook Apache on port 80 and Tomcat on 8080 together. > > Graeme > > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - [email protected] > Send requests to [email protected] > or go to http://lists.graemef.net/mailman/listinfo/lvs-users > _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
