List: linux-virtual-server
Subject: Re: Re: LVS Director as default gw?
From: "Aihua Liu" <liuah () langchaobj ! com ! cn>
Date: 2003-05-22 9:54:39
> On Thu, May 22, 2003 at 09:56:16AM +0100, Malcolm Turnbull wrote:
> > > Horms,
> > > As far as I know, the lvs director with NAT rewrites the destination IP
> > > address for incoming packets and rewrites the source IP address
> > > for outgoing packets. Thus the real server must set the lvs director as
> > > default gateway.
> > >
> > > Now I wonder if the lvs director can rewrite both destination IP
> > > address and source IP address for all packets. For example, the director
> > > replaces the destination IP address with the real server's IP address
> > > and replaces the source IP address with the director's private
> > > address. So the real server doesn't have to set the director as default
> > > gateway. Can lvs do it? Thank you
> > >
> >
> > I also think that would be a nice feature for LVS .. F5 call it SNAT
> > (secure NAT) for daft marketing reasons and I guess 30-40 of their
> > customers use it because it is so easy to configure.
> >
> > Probably not trivial to program though ?
>
> I don't really follow how such a feature can work.
> The Real Servers are still going to respond with their
> own IP address and this still needs to be rewritten somehow.
> That is unless there is some modification to the Real Servers.
> I guess I am missing the point somewhere.
I think this doesn't need to be rewritten somehow for real servers.
The director replaces the destination IP address with the realserver IP address
and replaces the source IP address with the private IP address for incoming
packets. Then the realserver receives the packets and processes them. Because
the packets the realserver received have the director's private IP address as
the source IP address, the realserver sends its response packets to the
director. The director receives the packets from the realservers, replaces the
destination IP address with the client IP address and replaces the source IP
address with the VIP.
I think this can work theoretically.
>
> That said, It should be easy enough to implement.
> Actually it might be possible to just use
> an ipchains rule to do it.
I wonder if LVS can do it?
>
> --
> Horms
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
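
The two-way rewrite described in the message above, as an added example that is not part of the original post and is not LVS code: a toy director in Python that rewrites both addresses inbound and reverses the rewrite on the reply. It shows that the director needs a unique local port per connection once every client shares its private address, and that the real server only ever sees the director as its peer. All addresses, ports, and the class and function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

VIP = "192.0.2.10"                          # public virtual IP (constructed)
DIP = "10.0.0.1"                            # director's private address (constructed)
REAL_SERVERS = ["10.0.0.11", "10.0.0.12"]   # constructed real servers

class Director:
    """Hypothetical director that rewrites source and destination."""

    def __init__(self) -> None:
        self.by_client = {}    # (client ip, client port, vip port) -> (local port, rs)
        self.by_local = {}     # (local port, rs, service port) -> (client ip, client port)
        self.next_port = 40000
        self.rr = 0            # round-robin counter

    def inbound(self, p: Packet) -> Packet:
        """Client -> VIP: destination becomes a real server, source becomes DIP."""
        if p.dst != VIP:
            raise ValueError("not addressed to the VIP")
        key = (p.src, p.sport, p.dport)
        if key not in self.by_client:
            rs = REAL_SERVERS[self.rr % len(REAL_SERVERS)]
            self.rr += 1
            # All clients now appear as DIP, so the client's own port cannot
            # identify the connection; allocate a unique local port instead.
            lport, self.next_port = self.next_port, self.next_port + 1
            self.by_client[key] = (lport, rs)
            self.by_local[(lport, rs, p.dport)] = (p.src, p.sport)
        lport, rs = self.by_client[key]
        return Packet(DIP, lport, rs, p.dport)

    def outbound(self, p: Packet) -> Optional[Packet]:
        """Real server -> DIP: source becomes the VIP, destination the client."""
        entry = self.by_local.get((p.dport, p.src, p.sport))
        if entry is None:
            return None        # no tracked connection: drop
        client_ip, client_port = entry
        return Packet(VIP, p.sport, client_ip, client_port)

def real_server_reply(p: Packet) -> Packet:
    """The real server answers the packet's source; no default gateway involved."""
    return Packet(p.dst, p.dport, p.src, p.sport)
```

Because the real server's peer is always the director's private address, any per-client logging or access control on the real server no longer sees the client's address.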