Hi, I anticipated this question and should have answered this before it was asked. In a nutshell, the two websites that need to communicate with one another are owned by different entities that may not be aware they are on the same cluster. So website 1 needs to be able to call website 2 without any knowledge of the underlying infrastructure.
I'd like to back up to one of my original configurations that works - for just a minute or so! Perhaps there is an ARP issue I need to resolve in that configuration.

When I said it was a fairly stock setup, well that's not entirely true. I actually have two private nets connected to the real servers. 192.168.1.x which I call a "management net" that lets me access the real servers even if LVS routing is off, and 192.168.2.x which handles the LVS traffic. The default gateway is on the 192.168.2.x (LVS) router net. I have a routing table defined to 192.168.1.x and a rule that any traffic originating from the 192.168.1.x interface is routed via 192.168.1.1.

ex: (the real server is 192.168.1.104, here are the if-cfg rules and routes defined)

    rule-eth1: from 192.168.1.104 table InternalNet
    route-eth1: default table InternalNet via 192.168.1.1

This works fine and is nice to have so that I can run some local traffic between machines on a private net.

Now, I add this next rule trying to solve the problem of real servers as clients (assuming xxx.xxx.xxx.xxx/26 is my "live" IP network range).

    route-eth1: xxx.xxx.xxx.xxx/26 via 192.168.1.1 dev eth1

This will direct requests for the VIPs out the 192.168.1.x interface via 192.168.1.1. That happens to be another simple NAT firewall, whose public IP is in the same public subnet as the VIPs.

When I put this in, and restart the network on the real server, I CAN use lynx on a real server to browse a website on the public IP address. The request goes OUT the 192.168.1.x InternalNet, via 192.168.1.1, NATs out to the public side and makes the request to the VIP on the LVS director. Reply presumably comes full circle back out the LVS director, back through my 192.168.1.1 firewall and into the real server via 192.168.1.104.

But after a minute or so, the connection breaks down and will begin to time out.

Suggestions?
Thanks,
James

On Thu, Nov 26, 2009 at 5:50 AM, Graeme Fowler <[email protected]> wrote:
> On Wed, 2009-11-25 at 20:17 -0800, James H wrote:
>> Suggestions?
>
> See the section in the HOWTO on "realservers as clients". It's a
> difficult one to solve, and adds extra complexity to the system.
>
> Here's a thought for you, though - why do the internal requests need to
> be load balanced? If the service is located on all of the realservers,
> can it not just be called locally?
>
> Graeme
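
Added example, not part of the original message: a small Python model of the Linux policy-routing lookup for the rule and routes described above, showing which table, gateway and interface a packet from the real server resolves to. The /26, the VIP, the 192.168.2.1 gateway and eth0 are assumed stand-ins for values the message does not give.

```python
import ipaddress

# Constructed stand-ins: the message elides the public /26 and never names
# the 192.168.2.x gateway or the interface that net is attached to.
PUBLIC_NET = "203.0.113.0/26"   # placeholder for xxx.xxx.xxx.xxx/26
LVS_GW = "192.168.2.1"          # assumed default gateway on the LVS net
VIP = "203.0.113.10"            # assumed VIP inside the public /26

# Routing tables: (prefix, gateway or None for on-link, device)
TABLES = {
    "InternalNet": [("0.0.0.0/0", "192.168.1.1", "eth1")],
    "main": [
        ("192.168.1.0/24", None, "eth1"),
        ("192.168.2.0/24", None, "eth0"),      # eth0 is an assumption
        (PUBLIC_NET, "192.168.1.1", "eth1"),   # the newly added route
        ("0.0.0.0/0", LVS_GW, "eth0"),
    ],
}
# Policy rules in priority order: (source selector or None for "any", table)
RULES = [("192.168.1.104/32", "InternalNet"), (None, "main")]


def lookup(dst, src=None):
    """Return (table, gateway, device), walking rules first, then the table."""
    dst_ip = ipaddress.ip_address(dst)
    for selector, table in RULES:
        if selector is not None:
            # A "from" rule only matches once the source address is bound.
            if src is None:
                continue
            if ipaddress.ip_address(src) not in ipaddress.ip_network(selector):
                continue
        matches = [r for r in TABLES[table]
                   if dst_ip in ipaddress.ip_network(r[0])]
        if matches:
            # Longest prefix wins inside a table.
            _, gw, dev = max(
                matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return table, gw, dev
    return None


if __name__ == "__main__":
    cases = [(VIP, None), (VIP, "192.168.1.104"),
             ("198.51.100.7", None), ("198.51.100.7", "192.168.1.104")]
    for dst, src in cases:
        print(f"dst={dst:<13} src={src or 'unbound':<13} -> {lookup(dst, src)}")
```

On the real server itself, `ip route get <address>` (optionally with `from 192.168.1.104`) reports the same decision as made by the kernel.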
