Mailing List Archive

[lvs-users] about NAT return path
Hello,

We have a group of hosts for LVS NAT, they are exactly with the same
configure.

My question is, when the incoming package is from LVS host A to
realserver, but the returned package is going through from LVS host B to
the client, can this work well?

Thanks.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Sorry for the less info.
I meant, all the LVS hosts have the same VIP (managed by OSPF).
And their configure are exactly the same.

Yonghua Peng wrote:
> We have a group of hosts for LVS NAT, they are exactly with the same
> configure.
>
> My question is, when the incoming package is from LVS host A to
> realserver, but the returned package is going through from LVS host B to
> the client, can this work well?

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

No, if a transaction start via LVS host A, the realserver need to use
this host as gateway to respond.
This is the normal for a NAT.
To make it work, you can use some SNAT rules on each LVS host to try to
enable this.
In this case each realserver will use the right LVS host while
responding to the client.
Real server will use A or B as default gateway while responding...
--
Ivan Havlicek

Le 02/02/2015 08:47, Yonghua Peng a écrit :
> Sorry for the less info.
> I meant, all the LVS hosts have the same VIP (managed by OSPF).
> And their configure are exactly the same.
>
> Yonghua Peng wrote:
>> We have a group of hosts for LVS NAT, they are exactly with the same
>> configure.
>>
>> My question is, when the incoming package is from LVS host A to
>> realserver, but the returned package is going through from LVS host B to
>> the client, can this work well?
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Can you tell me why the realserver should use host A as the gateway?
since host A and B have the same configure, and share the same VIP, I
was thinking both A and B can be setup as the gateway.

Thanks.

Ivan Havlicek wrote:
> No, if a transaction start via LVS host A, the realserver need to use
> this host as gateway to respond.
> This is the normal for a NAT.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

Because there will be no entry in the NAT table on the second host so
it won't know how to deal with the return packet.

Best Regards

Martin

On 2015-02-02 09:06, Yonghua Peng wrote:
> Can you tell me why the realserver should use host A as the gateway?
> since host A and B have the same configure, and share the same VIP, I
> was thinking both A and B can be setup as the gateway.
>
> Thanks.
>
> Ivan Havlicek wrote:
>> No, if a transaction start via LVS host A, the realserver need to
>> use
>> this host as gateway to respond.
>> This is the normal for a NAT.
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf3dce101351953215296!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
If it's just a DNAT forwarding for the incoming packet, I don't think
LVS host has to keep the status of the connection.
I am probably wrong, just by curious. And I will test for it.

Thanks.

Martin Wheldon wrote:
> Hi,
>
> Because there will be no entry in the NAT table on the second host so
> it won't know how to deal with the return packet.
>
> Best Regards
>
> Martin
>
> On 2015-02-02 09:06, Yonghua Peng wrote:
>> Can you tell me why the realserver should use host A as the gateway?
>> since host A and B have the same configure, and share the same VIP, I
>> was thinking both A and B can be setup as the gateway.
>>
>> Thanks.
>>
>> Ivan Havlicek wrote:
>>> No, if a transaction start via LVS host A, the realserver need to
>>> use
>>> this host as gateway to respond.
>>> This is the normal for a NAT.
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>> !DSPAM:31,54cf3dce101351953215296!
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

The DNAT would still need to be reversed. The client will otherwise
drop
the packet as it won't be from the host it started the connection with.

Best Regards

Martin

On 2015-02-02 09:59, Yonghua Peng wrote:
> If it's just a DNAT forwarding for the incoming packet, I don't think
> LVS host has to keep the status of the connection.
> I am probably wrong, just by curious. And I will test for it.
>
> Thanks.
>
> Martin Wheldon wrote:
>> Hi,
>>
>> Because there will be no entry in the NAT table on the second host
>> so
>> it won't know how to deal with the return packet.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>> Can you tell me why the realserver should use host A as the
>>> gateway?
>>> since host A and B have the same configure, and share the same VIP,
>>> I
>>> was thinking both A and B can be setup as the gateway.
>>>
>>> Thanks.
>>>
>>> Ivan Havlicek wrote:
>>>> No, if a transaction start via LVS host A, the realserver need to
>>>> use
>>>> this host as gateway to respond.
>>>> This is the normal for a NAT.
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@LinuxVirtualServer.org
>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf4a4d101354641921266!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Martin,

What I meant is, the incoming packages implement DNAT by LVS, then
forward to realserver.
The outgoing packages implement SNAT, then forward to client.
Since host A and B have the same VIP (managed by OSPF), after the SNAT,
the packages seem to be from the same host. Client shouldn't drop them.

Am I right?
Thanks.


Martin Wheldon wrote:
> Hi,
>
> The DNAT would still need to be reversed. The client will otherwise
> drop
> the packet as it won't be from the host it started the connection with.
>
> Best Regards
>
> Martin
>
> On 2015-02-02 09:59, Yonghua Peng wrote:
>> If it's just a DNAT forwarding for the incoming packet, I don't think
>> LVS host has to keep the status of the connection.
>> I am probably wrong, just by curious. And I will test for it.
>>
>> Thanks.
>>
>> Martin Wheldon wrote:
>>> Hi,
>>>
>>> Because there will be no entry in the NAT table on the second host
>>> so
>>> it won't know how to deal with the return packet.
>>>
>>> Best Regards
>>>
>>> Martin
>>>
>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>> Can you tell me why the realserver should use host A as the
>>>> gateway?
>>>> since host A and B have the same configure, and share the same VIP,
>>>> I
>>>> was thinking both A and B can be setup as the gateway.
>>>>
>>>> Thanks.
>>>>
>>>> Ivan Havlicek wrote:
>>>>> No, if a transaction start via LVS host A, the realserver need to
>>>>> use
>>>>> this host as gateway to respond.
>>>>> This is the normal for a NAT.
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@LinuxVirtualServer.org
>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@LinuxVirtualServer.org
>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>> !DSPAM:31,54cf4a4d101354641921266!
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

Yes, with the SNAT on the real server you should be fine.

Best Regards

Martin

On 2015-02-02 10:12, Yonghua Peng wrote:
> Martin,
>
> What I meant is, the incoming packages implement DNAT by LVS, then
> forward to realserver.
> The outgoing packages implement SNAT, then forward to client.
> Since host A and B have the same VIP (managed by OSPF), after the
> SNAT,
> the packages seem to be from the same host. Client shouldn't drop
> them.
>
> Am I right?
> Thanks.
>
>
> Martin Wheldon wrote:
>> Hi,
>>
>> The DNAT would still need to be reversed. The client will otherwise
>> drop
>> the packet as it won't be from the host it started the connection
>> with.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>> think
>>> LVS host has to keep the status of the connection.
>>> I am probably wrong, just by curious. And I will test for it.
>>>
>>> Thanks.
>>>
>>> Martin Wheldon wrote:
>>>> Hi,
>>>>
>>>> Because there will be no entry in the NAT table on the second host
>>>> so
>>>> it won't know how to deal with the return packet.
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>> Can you tell me why the realserver should use host A as the
>>>>> gateway?
>>>>> since host A and B have the same configure, and share the same
>>>>> VIP,
>>>>> I
>>>>> was thinking both A and B can be setup as the gateway.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Ivan Havlicek wrote:
>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>> to
>>>>>> use
>>>>>> this host as gateway to respond.
>>>>>> This is the normal for a NAT.
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@LinuxVirtualServer.org
>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@LinuxVirtualServer.org
>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@LinuxVirtualServer.org
>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf4d55101351582769714!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
SNAT on the real server?
sorry but I was thinking the SNAT is implemented by LVS, for the
returned back packages.

Martin Wheldon wrote:
> Hi,
>
> Yes, with the SNAT on the real server you should be fine.
>
> Best Regards
>
> Martin
>
> On 2015-02-02 10:12, Yonghua Peng wrote:
>> Martin,
>>
>> What I meant is, the incoming packages implement DNAT by LVS, then
>> forward to realserver.
>> The outgoing packages implement SNAT, then forward to client.
>> Since host A and B have the same VIP (managed by OSPF), after the
>> SNAT,
>> the packages seem to be from the same host. Client shouldn't drop
>> them.
>>
>> Am I right?
>> Thanks.
>>
>>
>> Martin Wheldon wrote:
>>> Hi,
>>>
>>> The DNAT would still need to be reversed. The client will otherwise
>>> drop
>>> the packet as it won't be from the host it started the connection
>>> with.
>>>
>>> Best Regards
>>>
>>> Martin
>>>
>>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>>> think
>>>> LVS host has to keep the status of the connection.
>>>> I am probably wrong, just by curious. And I will test for it.
>>>>
>>>> Thanks.
>>>>
>>>> Martin Wheldon wrote:
>>>>> Hi,
>>>>>
>>>>> Because there will be no entry in the NAT table on the second host
>>>>> so
>>>>> it won't know how to deal with the return packet.
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Martin
>>>>>
>>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>>> Can you tell me why the realserver should use host A as the
>>>>>> gateway?
>>>>>> since host A and B have the same configure, and share the same
>>>>>> VIP,
>>>>>> I
>>>>>> was thinking both A and B can be setup as the gateway.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Ivan Havlicek wrote:
>>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>>> to
>>>>>>> use
>>>>>>> this host as gateway to respond.
>>>>>>> This is the normal for a NAT.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Please read the documentation before posting - it's available at:
>>>>>> http://www.linuxvirtualserver.org/
>>>>>>
>>>>>> LinuxVirtualServer.org mailing list -
>>>>>> lvs-users@LinuxVirtualServer.org
>>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@LinuxVirtualServer.org
>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@LinuxVirtualServer.org
>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@LinuxVirtualServer.org
>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>> !DSPAM:31,54cf4d55101351582769714!
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

The SNAT could be configured on either the LVS node or the real server.

Best Regards

Martin

On 2015-02-02 10:29, Yonghua Peng wrote:
> SNAT on the real server?
> sorry but I was thinking the SNAT is implemented by LVS, for the
> returned back packages.
>
> Martin Wheldon wrote:
>> Hi,
>>
>> Yes, with the SNAT on the real server you should be fine.
>>
>> Best Regards
>>
>> Martin
>>
>> On 2015-02-02 10:12, Yonghua Peng wrote:
>>> Martin,
>>>
>>> What I meant is, the incoming packages implement DNAT by LVS, then
>>> forward to realserver.
>>> The outgoing packages implement SNAT, then forward to client.
>>> Since host A and B have the same VIP (managed by OSPF), after the
>>> SNAT,
>>> the packages seem to be from the same host. Client shouldn't drop
>>> them.
>>>
>>> Am I right?
>>> Thanks.
>>>
>>>
>>> Martin Wheldon wrote:
>>>> Hi,
>>>>
>>>> The DNAT would still need to be reversed. The client will
>>>> otherwise
>>>> drop
>>>> the packet as it won't be from the host it started the connection
>>>> with.
>>>>
>>>> Best Regards
>>>>
>>>> Martin
>>>>
>>>> On 2015-02-02 09:59, Yonghua Peng wrote:
>>>>> If it's just a DNAT forwarding for the incoming packet, I don't
>>>>> think
>>>>> LVS host has to keep the status of the connection.
>>>>> I am probably wrong, just by curious. And I will test for it.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Martin Wheldon wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Because there will be no entry in the NAT table on the second
>>>>>> host
>>>>>> so
>>>>>> it won't know how to deal with the return packet.
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>> On 2015-02-02 09:06, Yonghua Peng wrote:
>>>>>>> Can you tell me why the realserver should use host A as the
>>>>>>> gateway?
>>>>>>> since host A and B have the same configure, and share the same
>>>>>>> VIP,
>>>>>>> I
>>>>>>> was thinking both A and B can be setup as the gateway.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Ivan Havlicek wrote:
>>>>>>>> No, if a transaction start via LVS host A, the realserver need
>>>>>>>> to
>>>>>>>> use
>>>>>>>> this host as gateway to respond.
>>>>>>>> This is the normal for a NAT.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Please read the documentation before posting - it's available
>>>>>>> at:
>>>>>>> http://www.linuxvirtualserver.org/
>>>>>>>
>>>>>>> LinuxVirtualServer.org mailing list -
>>>>>>> lvs-users@LinuxVirtualServer.org
>>>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Please read the documentation before posting - it's available
>>>>>> at:
>>>>>> http://www.linuxvirtualserver.org/
>>>>>>
>>>>>> LinuxVirtualServer.org mailing list -
>>>>>> lvs-users@LinuxVirtualServer.org
>>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Please read the documentation before posting - it's available at:
>>>>> http://www.linuxvirtualserver.org/
>>>>>
>>>>> LinuxVirtualServer.org mailing list -
>>>>> lvs-users@LinuxVirtualServer.org
>>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please read the documentation before posting - it's available at:
>>>> http://www.linuxvirtualserver.org/
>>>>
>>>> LinuxVirtualServer.org mailing list -
>>>> lvs-users@LinuxVirtualServer.org
>>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>>
>>>
>>> _______________________________________________
>>> Please read the documentation before posting - it's available at:
>>> http://www.linuxvirtualserver.org/
>>>
>>> LinuxVirtualServer.org mailing list -
>>> lvs-users@LinuxVirtualServer.org
>>> Send requests to lvs-users-request@LinuxVirtualServer.org
>>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Please read the documentation before posting - it's available at:
>> http://www.linuxvirtualserver.org/
>>
>> LinuxVirtualServer.org mailing list -
>> lvs-users@LinuxVirtualServer.org
>> Send requests to lvs-users-request@LinuxVirtualServer.org
>> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf5115101352002713398!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

So, since LVS (NAT mode) implement SNAT for the returned packages, and
all LVS hosts have the same VIP, and all LVS hosts have been configured
with the same rules, now for the realserver, it can pickup any one of
the LVS hosts as its default gw. Am I right?

Regards.


Martin Wheldon wrote:
> The SNAT could be configured on either the LVS node or the real server.
>
> Best Regards

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hi,

I would expect that to work yes.

Best Regards

Martin

On 2015-02-02 10:42, Yonghua Peng wrote:
> Hi,
>
> So, since LVS (NAT mode) implement SNAT for the returned packages,
> and
> all LVS hosts have the same VIP, and all LVS hosts have been
> configured
> with the same rules, now for the realserver, it can pickup any one of
> the LVS hosts as its default gw. Am I right?
>
> Regards.
>
>
> Martin Wheldon wrote:
>> The SNAT could be configured on either the LVS node or the real
>> server.
>>
>> Best Regards
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list -
> lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
> !DSPAM:31,54cf5425101358286478450!


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] about NAT return path [ In reply to ]
Hello Yonghua Peng,


AS per LVS-NAT concept the realservers are allmost at an second network( rfc1912 ipaddresses allmost ):

haveing i.e net 1.2.3.4 on lb1 at eth0
haveing i.e net 192.168.1.1 on lb1 at eth1

external VIP i.e : 1.2.3.3

haveing i.e net 1.2.3.5 on lb1 at eth1
haveing i.e net 192.168.1.2 on lb2 at eth1

and the VI_GATEWAY on eth1 with i.e : 192.168.1.3

VI_GATEWAY are managed by ldirectord or keepalived or other HA IPVS app.
VI_GATEWAY with keepalived managed by vrrp


keealive docu : http://www.keepalived.org/LVS-NAT-Keepalived-HOWTO.html

Make shure implement nonlocalbinds sys-ctl on realservers.
make shure implement ip forward and nonlocalbinds on LB´s


AS per LVS-DR concept the realservers can be in the same or different networks and not require any NAT
LVS DR uses the standard default gw allmost with rarp

see http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-DR.html


--
Mit freundlichen Grüßen / Best Regards

Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de

Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.


> Gesendet: Montag, 02. Februar 2015 um 11:42 Uhr
> Von: "Yonghua Peng" <yhpeng@orange.fr>
> An: lvs-users@linuxvirtualserver.org
> Betreff: Re: [lvs-users] about NAT return path
>
> Hi,
>
> So, since LVS (NAT mode) implement SNAT for the returned packages, and
> all LVS hosts have the same VIP, and all LVS hosts have been configured
> with the same rules, now for the realserver, it can pickup any one of
> the LVS hosts as its default gw. Am I right?
>
> Regards.
>
>
> Martin Wheldon wrote:
> > The SNAT could be configured on either the LVS node or the real server.
> >
> > Best Regards
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>