
List:       linux-virtual-server
Subject:    Re: Re: LVS Director as default gw?
From:       "Aihua Liu" <liuah () langchaobj ! com ! cn>
Date:       2003-05-22 9:54:39

> On Thu, May 22, 2003 at 09:56:16AM +0100, Malcolm Turnbull wrote:
> > > Horms,
> > > As I know, the lvs director with NAT rewrites the destination IP
> > > address for incoming packets and rewrites the source IP address
> > > for outgoing packets. Thus real server must set lvs director as
> > > default gateway.
> > > 
> > > Now I wonder if the lvs director can rewrite both destination IP
> > > address and source IP address for all packets. Example, director
> > > replace the destination IP address with real server's IP address
> > > and replace the source IP address with director's private
> > > address. So real server doesn't have to set director as default
> > > gateway. Can lvs do it? Thank you
> > > 
> > 
> > I also think that would be a nice feature for LVS .. F5 call it SNAT
> > (secure NAT) for daft marketing reasons and I guess 30-40 of their
> > customers use it because it is so easy to configure.
> > 
> > Probably not trivial to program though ?
> 
> I don't really follow how such a feature can work.
> The Real Servers are still going to respond with their
> own IP address and this still needs to be rewritten somehow.
> That is unless there is some modification to the Real Servers.
> I guess I am missing the point somewhere.
  I think this doesn't need to be rewritten somehow for the real servers.
  The director replaces the destination IP address with the realserver IP
  address and replaces the source IP address with its private IP address
  for incoming packets. Then the realserver receives the packets and
  processes them. Because the packets the realserver received have the
  director's private IP address as the source IP address, the realserver
  sends its response packets to the director. The director receives the
  packets from the realservers, replaces the destination IP address with
  the client IP address and replaces the source IP address with the VIP.
  I think this can work theoretically.
> 
> That said, It should be easy enough to implement.
> Actually it might be possible to just use
> an ipchains rule to do it.

  I wonder if LVS can do it?
> 
> -- 
> Horms




_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
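
Added example, not part of the original message and not LVS code: a small Python model of the two-way rewrite described above, showing that the director needs a per-connection table to map the real server's reply back to the client and the VIP. The class and function names, the round-robin choice, the port allocation and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class FullNatDirector:
    """Toy director that rewrites both addresses (hypothetical, not LVS)."""

    def __init__(self, vip, private_ip, real_servers, first_port=20000):
        self.vip = vip
        self.private_ip = private_ip
        self.real_servers = real_servers
        self.next_port = first_port
        self.by_client = {}  # (client ip, client port, vip port) -> (local port, real server)
        self.by_local = {}   # local port -> (client ip, client port, vip port)

    def inbound(self, pkt):
        """Client -> VIP: destination becomes a real server, source the director."""
        if pkt.dst != self.vip:
            raise ValueError("not addressed to the VIP")
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self.by_client:
            # Round-robin over the real servers; one local port per connection.
            rs = self.real_servers[len(self.by_client) % len(self.real_servers)]
            self.by_client[key] = (self.next_port, rs)
            self.by_local[self.next_port] = key
            self.next_port += 1
        local_port, rs = self.by_client[key]
        return Packet(self.private_ip, local_port, rs, pkt.dport)

    def outbound(self, pkt):
        """Real server -> director: destination becomes the client, source the VIP."""
        key = self.by_local.get(pkt.dport) if pkt.dst == self.private_ip else None
        if key is None or self.by_client[key][1] != pkt.src:
            return None  # no matching connection entry: drop
        client_ip, client_port, vip_port = key
        return Packet(self.vip, vip_port, client_ip, client_port)

def real_server_reply(pkt):
    """A real server with no special default gateway answers the source it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
```

In this model the real server only ever sees the director's private address as the peer, so it replies over the local network without needing the director as its default gateway.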

