On Mon, 2006-12-04 at 14:39 -0600, Dave Augustus wrote:
piranha = LVS I do believe- maybe some management scripts are
different.
I have been using LVS for 5 years now. It works great!
Piranha was the easiest thing for me to grab with YUM. I tried looking
into the other packages out there and got worried about the amount of
documentation dedicated to 2.2 kernels.
(Help me understand... I am not an iptables guru but I have done some to
get done what I needed to)
your statements:
-A PREROUTING -d <VIP> -p tcp -m tcp --dport 389 -j REDIRECT
-A PREROUTING -d <VIP> -p tcp -m tcp --dport 636 -j REDIRECT
Small typo, insert "-t nat" at the beginning of both lines.
Does this mean?
-you are assigning 2 IPs to your LDAP servers, one for loadbalancing
and one for LDAP server
-any traffic to the VIP is redirected to the IP that you have told LDAP
server to use
Correct?
In my scenario, the real servers are separate from the load balancer.
Only the load balancer is hosting the VIP.
I borrowed this method from the "HOWTO.direct-routing" that came with
the Piranha docs. A method that uses arptables was also documented, but
I didn't have much luck with it.
I've pasted what the HOWTO says about iptables below.
-Steve
Setting up the Real Servers, method #2: Use iptables to tell the real
servers to handle the packets.
How it works:
We use an IP tables rule to create a transparent proxy so that a node
will service packets sent to the virtual IP address(es), even though
the virtual IP address does not exist on the system.
Advantages:
* Simple to configure.
* Avoids the LVS "ARP problem" entirely. Because the virtual IP
address(es) only exist on the active LVS director, there _is_ no ARP
problem!
Disadvantages:
* Performance. There is overhead in forwarding/masquerading every
packet.
* Impossible to reuse ports. For instance, it is not possible to run
two separate Apache services bound to port 80, because both must
bind to INADDR_ANY instead of the virtual IP addresses.
(1) BACK UP YOUR IPTABLES CONFIGURATION.
(2) On each real server, run the following for every VIP / port /
protocol (TCP, UDP) combination intended to be serviced for that real
server:
iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> \
--dport <port> -j REDIRECT
This will cause the real servers to process packets destined for the
VIP which they are handed.
service iptables save
chkconfig --level 2345 iptables on
The second command will cause the system to reload the arptables
configuration we just made on boot - before the network is started.
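The HOWTO step above is one rule per VIP / port / protocol, typed by hand. The script below is an added example (not code from the thread or from the Piranha docs) that generates those rules for a real server, including the "-t nat" that the original rules were missing, applies them, and gives a way to check what landed in the nat table. The VIP 192.0.2.10, the function names and the LDAP ports 389/636 used in the usage line are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example for LVS-DR "method #2": REDIRECT rules on a real server.
# Assumed names: redirect_rules, verify_redirect_rules, persist_rules.
# Sample VIP 192.0.2.10 is a documentation address, not from the thread.

# redirect_rules MODE VIP PROTO:PORT [PROTO:PORT ...]
#   MODE "print" prints each iptables command (safe dry run),
#   MODE "apply" runs it (needs root and iptables on the real server).
# REDIRECT is only valid in the nat table, hence the mandatory -t nat.
redirect_rules() {
    mode="$1"; vip="$2"; shift 2
    for spec in "$@"; do
        proto="${spec%%:*}"
        port="${spec#*:}"
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol in '$spec' (tcp or udp only)" >&2
               return 1 ;;
        esac
        cmd="iptables -t nat -A PREROUTING -p $proto -d $vip --dport $port -j REDIRECT"
        case "$mode" in
            print) printf '%s\n' "$cmd" ;;
            apply) eval "$cmd" || return 1 ;;
            *) echo "mode must be print or apply" >&2; return 1 ;;
        esac
    done
}

# verify_redirect_rules VIP: show the nat PREROUTING rules that match the VIP.
# A real server that is handed VIP traffic but shows nothing here will
# silently drop it, because the VIP address is not configured locally.
verify_redirect_rules() {
    iptables -t nat -S PREROUTING | grep -- "-d $1/32 "
}

# persist_rules: the two RHEL-style commands from the HOWTO, so the rules
# survive a reboot. Only meaningful on a system with the iptables service.
persist_rules() {
    service iptables save && chkconfig --level 2345 iptables on
}

# Usage (dry run, prints the two LDAP rules; runs anywhere):
redirect_rules print 192.0.2.10 tcp:389 tcp:636
```

Run the same invocation with "apply" on each real server as root, then `verify_redirect_rules 192.0.2.10` before `persist_rules`. Because "-A" appends, re-running "apply" duplicates rules; clear the nat PREROUTING chain first, or check with `iptables -t nat -C` where your iptables supports it, before saving.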