Mailing List Archive

Hi,

I think you can use the fwmark option for the
loadbalancing

you can mark the incomming pakackes with an
ipchains rule like
ipchains -A input -s 0.0.0.0/0 -d 192.168.0.0/24
-m 1

then

you can setup your LVS like

ipvsadm -A -f 1 -s wlc
ipvsadm -a -f 1 -r 10.10.10.15 -g
ipvsadm -a -f 1 -r 10.10.10.16 -g
.
.
.


ps. the cisco should then point to the LB

cu,

Chris


> Ian Courtney wrote:
>
> Just been playing with lvs for the last week or
> so, and have gone though a little of the mailing
> list, but have yet to find a good answer to my
> problem.
>
>
> Basically here at our ISP, we tend to have 2-3
> Class C's worth of hosting per server. We would
> like to move the the LVS, but I'm not exactly
> sure how I should be setting it up.
>
> Our setup:
>
> Normally:
> The machine has a static ip, lets say
> 10.10.10.15, and two Class C's , 192.168.0.0/24
> and 172.16.0.0/24, both class C's have explicit
> routes on our cisco router to 10.10.10.15.
>
> I need to know how to integrate this method into
> our network using lvs. I know I have to change
> the route to point at the Director, but from
> there I'm kinda lost. Does the director need to
> have all the Class C's present on the
> RealServers aliased?
>
> I've also thought of setting up a route for each
> Class C to each Realserver using them, but that
> would kind of render the LVS useless as it
> wouldn't be doing the round robin, the routing
> would (if that would even work).
>
> A bigger problem for me is a head, this is
> currently just for 3 Class C's for our CGI
> users, our normal Unix webspace is the next to
> get LVS'd, but there is probably 18 class C's
> involved in that space, and I don't think Linux
> will handle having 18 Class C's aliased to a
> single machine.
>
> Any help is greatly appreciated.
>
> ------------------------------------------------------------
> Ian Courtney
> Systems Unix Administrator
> CADVision Internet
> (http://www.cadvision.com)
> A division of PSINet inc. [NASDAQ PSIX]
> 300 - 5th Avenue SW, Suite 1810
> Calgary, Alberta
> Email: ianc@cadvision.com
> Phone: (403) 777-1300
> ----------------------------------------------------------
>
>

On Mon, Jan 15, 2001 at 03:21:32PM +0100, Chris wrote:

Chris is correct. This is exactly the scenario the fwmark support was
implemented for.

> Hi,
>
> I think you can use the fwmark option for the
> loadbalancing
>
> you can mark the incomming pakackes with an
> ipchains rule like
> ipchains -A input -s 0.0.0.0/0 -d 192.168.0.0/24 -m 1

ipchans -A input -s 0.0.0.0/0 -d 172.16.0.0/24 -m 1

> then
>
> you can setup your LVS like
>
> ipvsadm -A -f 1 -s wlc
> ipvsadm -a -f 1 -r 10.10.10.15 -g
> ipvsadm -a -f 1 -r 10.10.10.16 -g
> .
> .
> .
>
>
> ps. the cisco should then point to the LB
>
> cu,
>
> Chris
>
>
> > Ian Courtney wrote:
> >
> > Just been playing with lvs for the last week or
> > so, and have gone though a little of the mailing
> > list, but have yet to find a good answer to my
> > problem.
> >
> >
> > Basically here at our ISP, we tend to have 2-3
> > Class C's worth of hosting per server. We would
> > like to move the the LVS, but I'm not exactly
> > sure how I should be setting it up.
> >
> > Our setup:
> >
> > Normally:
> > The machine has a static ip, lets say
> > 10.10.10.15, and two Class C's , 192.168.0.0/24
> > and 172.16.0.0/24, both class C's have explicit
> > routes on our cisco router to 10.10.10.15.
> >
> > I need to know how to integrate this method into
> > our network using lvs. I know I have to change
> > the route to point at the Director, but from
> > there I'm kinda lost. Does the director need to
> > have all the Class C's present on the
> > RealServers aliased?
> >
> > I've also thought of setting up a route for each
> > Class C to each Realserver using them, but that
> > would kind of render the LVS useless as it
> > wouldn't be doing the round robin, the routing
> > would (if that would even work).
> >
> > A bigger problem for me is a head, this is
> > currently just for 3 Class C's for our CGI
> > users, our normal Unix webspace is the next to
> > get LVS'd, but there is probably 18 class C's
> > involved in that space, and I don't think Linux
> > will handle having 18 Class C's aliased to a
> > single machine.
> >
> > Any help is greatly appreciated.
> >
> > ------------------------------------------------------------
> > Ian Courtney
> > Systems Unix Administrator
> > CADVision Internet
> > (http://www.cadvision.com)
> > A division of PSINet inc. [NASDAQ PSIX]
> > 300 - 5th Avenue SW, Suite 1810
> > Calgary, Alberta
> > Email: ianc@cadvision.com
> > Phone: (403) 777-1300
> > ----------------------------------------------------------
> >
> >
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

--
Horms

Ok, I've tried this and it doesn't quite seem to work. Now the route on the
cisco is not pointing at that machine, but my client machine
(207.228.64.120) has explicit routes for the 2 1/2 Class C's listed in the
ipchains commands below, routed to (207.228.64.64), which is my linux
director. Doing traceroutes shows the packets hit the director and get
forwarded to the router. Now I've made sure that I have all the right stuff
compiled into my kernel, the module for marked packets is called
ip_masq_mfw.o (as opposed to what the help says in the make menuconfig,
ip_masq_markfw.o). But that modules isn't loaded at startup, and even if I
insmod it it doesn't make a difference.. So have I missed something real
small somewhere along the way?

This is my config file so far:
#setup
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipvsadm -C

#firewall packet marking
ipchains -A input -s 0.0.0.0/0 -d 207.228.79.0/25 -m 1
ipchains -A input -s 0.0.0.0/0 -d 207.148.155.0/24 -m 1
ipchains -A input -s 0.0.0.0/0 -d 207.148.151.0/24 -m 1

#virtual server stuff
#cgi1/cgi2 web balancing for ~ homedirs
ipvsadm -A -t 207.228.64.64:80 -s wlc
ipvsadm -a -t 207.228.64.64:80 -r 207.228.64.35:80 -g -w 1
ipvsadm -a -t 207.228.64.64:80 -r 207.228.64.109:80 -g -w 1

#ftp balancing
ipvsadm -A -t 207.228.64.64:21 -s wrr -p 600
ipvsadm -a -t 207.228.64.64:21 -r 207.228.64.35:21 -g -w 1
ipvsadm -a -t 207.228.64.64:21 -r 207.228.64.109:21 -g -w 1

#telnet and ssh
ipvsadm -A -t 207.228.64.64:22 -s wrr
ipvsadm -a -t 207.228.64.64:22 -r 207.228.64.35:22 -g -w 1
ipvsadm -a -t 207.228.64.64:22 -r 207.228.64.109:22 -g -w 1
ipvsadm -A -t 207.228.64.64:23 -s wrr
ipvsadm -a -t 207.228.64.64:23 -r 207.228.64.35:23 -g -w 1
ipvsadm -a -t 207.228.64.64:23 -r 207.228.64.109:23 -g -w 1

#virtual hosts
ipvsadm -A -f 1 wlc
ipvsadm -a -f 1 -r 207.228.64.35 -g
ipvsadm -a -f 1 -r 207.228.64.109 -g

----- Original Message -----
From: "Chris" <chris@isg.de>
To: <lvs-users@LinuxVirtualServer.org>
Sent: Monday, January 15, 2001 7:21 AM
Subject: Re: non name based web hosting question


> Hi,
>
> I think you can use the fwmark option for the
> loadbalancing
>
> you can mark the incomming pakackes with an
> ipchains rule like
> ipchains -A input -s 0.0.0.0/0 -d 192.168.0.0/24
> -m 1
>
> then
>
> you can setup your LVS like
>
> ipvsadm -A -f 1 -s wlc
> ipvsadm -a -f 1 -r 10.10.10.15 -g
> ipvsadm -a -f 1 -r 10.10.10.16 -g
> .
> .
> .
>
>
> ps. the cisco should then point to the LB
>
> cu,
>
> Chris
>
>
> > Ian Courtney wrote:
> >
> > Just been playing with lvs for the last week or
> > so, and have gone though a little of the mailing
> > list, but have yet to find a good answer to my
> > problem.
> >
> >
> > Basically here at our ISP, we tend to have 2-3
> > Class C's worth of hosting per server. We would
> > like to move the the LVS, but I'm not exactly
> > sure how I should be setting it up.
> >
> > Our setup:
> >
> > Normally:
> > The machine has a static ip, lets say
> > 10.10.10.15, and two Class C's , 192.168.0.0/24
> > and 172.16.0.0/24, both class C's have explicit
> > routes on our cisco router to 10.10.10.15.
> >
> > I need to know how to integrate this method into
> > our network using lvs. I know I have to change
> > the route to point at the Director, but from
> > there I'm kinda lost. Does the director need to
> > have all the Class C's present on the
> > RealServers aliased?
> >
> > I've also thought of setting up a route for each
> > Class C to each Realserver using them, but that
> > would kind of render the LVS useless as it
> > wouldn't be doing the round robin, the routing
> > would (if that would even work).
> >
> > A bigger problem for me is a head, this is
> > currently just for 3 Class C's for our CGI
> > users, our normal Unix webspace is the next to
> > get LVS'd, but there is probably 18 class C's
> > involved in that space, and I don't think Linux
> > will handle having 18 Class C's aliased to a
> > single machine.
> >
> > Any help is greatly appreciated.
> >
> > ------------------------------------------------------------
> > Ian Courtney
> > Systems Unix Administrator
> > CADVision Internet
> > (http://www.cadvision.com)
> > A division of PSINet inc. [NASDAQ PSIX]
> > 300 - 5th Avenue SW, Suite 1810
> > Calgary, Alberta
> > Email: ianc@cadvision.com
> > Phone: (403) 777-1300
> > ----------------------------------------------------------
> >
> >
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>