Mailing List Archive

[lvs-users] lvs and iptables?
Just a beginner question. I thought lvs is implemented using iptables?
I have configured a VIP with two backend server using NAT (-m option). But,
I was not able to see my configuration in the output from iptables-save
command..
I did see my configuration is correct using ipvsadm command.

Just curious...

John
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] lvs and iptables? [ In reply to ]
Hi John,

LVS can use iptables but doesn't always...

Basically firewall mark configurations are marked in iptables so will
show in the iptables-save output. LVS will also use conntrack from
iptables if available for NAT mode.

However, for a simple single port virtual service you wouldn't see
anything in iptables-save at all.

Aaron West

Loadbalancer.org Ltd.

www.loadbalancer.org

+1 888 867 9504 / +44 (0)330 380 1064
aaron@loadbalancer.org

LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG


On 10 October 2017 at 02:46, John Wei <johntwei@gmail.com> wrote:
> Just a beginner question. I thought lvs is implemented using iptables?
> I have configured a VIP with two backend server using NAT (-m option). But,
> I was not able to see my configuration in the output from iptables-save
> command..
> I did see my configuration is correct using ipvsadm command.
>
> Just curious...
>
> John
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] lvs and iptables? [ In reply to ]
On 10 Oct 2017, at 09:30, Aaron West <aaron@loadbalancer.org> wrote:
> LVS can use iptables but doesn't always...

To expand on that a little: LVS (IPVS) is basically a kernel-level router with some extra whistles and bells. ipvsadm is the primary userspace tool used to manipulate the state of the system.

As Aaron says, LVS can make use of some of the functionality provided by iptables but it is separate and not dependent on it.

Graeme
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] lvs and iptables? [ In reply to ]
Hi Aaron and Graeme,
Thanks for the clarification. It seems that lvs (ipvs) is built on top of
netfilter directly, I assume this will give better performance than
building on top of iptables.
I will keep researching and may post additional questions later on.

John


On Tue, Oct 10, 2017 at 2:41 AM, Graeme Fowler <graeme@graemef.net> wrote:

> On 10 Oct 2017, at 09:30, Aaron West <aaron@loadbalancer.org> wrote:
> > LVS can use iptables but doesn't always...
>
> To expand on that a little: LVS (IPVS) is basically a kernel-level router
> with some extra whistles and bells. ipvsadm is the primary userspace tool
> used to manipulate the state of the system.
>
> As Aaron says, LVS can make use of some of the functionality provided by
> iptables but it is separate and not dependent on it.
>
> Graeme
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users