Hi there,

I got the solution for my problem, and thought that maybe someday somebody could use it. Julian Anastasov and some people from the LVS mailing list helped me with it.

---
Subject: Re: LVS and CBQ
Date: Tue, 10 Oct 2000 22:53:01 +0000 (GMT)
From: Julian Anastasov <ja@xxxxxx>
To: joern maier <joern.maier@xxxxxxxxxxxxxxxxxxxxx>
CC: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>

LVS currently uses fwmark only to look up the virtual service. If you mark packets they don't hit non-fwmark virtual services. This problem has been known for a long time. Maybe now it is time for the packets with fwmark!=0 to be checked for non-fwmark services too. I.e. we will perform two lookups for the virtual service for the marked packets: a little performance drop for the fwmark users.

You can't use ipchains to distinguish the packets to different real servers in VS/DR mode. The packets are not changed. If you trace them you can see that only the MAC address is different. The real server IP is used only for the routing decision, i.e. to select the parameters for the lower layer. For VS/TUN and VS/NAT you can safely rely on the IP header to extract the real server IP, but not for LVS/DR. This is the way LVS/DR works: the destination address in the IP header is not changed, it is the same for all real servers: the VIP.
---

So that's what I did:

I had to set up my VS WITH IP-TUNNELING and make an entry like this for the load balancer (LVS):

    ipvsadm -A -f 100 -s lc
    ipvsadm -a -f 100 -r <realserver1_IP> -i
    ipvsadm -a -f 100 -r <realserver2_IP> -i
    ipvsadm -a -f 100 -r <realserver3_IP> -i

Having a rule in my ipchains table like this:

    # ipchains -A input -p tcp -s <client-IP> -d <VIP> 80 -m 100

and setting up a CBQ filter:

    # tc filter add dev eth0 protocol ip parent 100:0 prio 100 handle 100 fw classid 100:100

the VS-director passes only the specified maximum of traffic to the realservers.

This is exactly what I've been looking for.

Thanks to everybody supporting me here as well.

Cheers,
Joern Maier
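
The whole director-side procedure from the post, as an added example that is not part of the original message: a script that prints the commands with a single mark value used consistently by ipchains, ipvsadm and tc. The CBQ qdisc and class lines, the link speed and rate, and all addresses are assumptions (the post shows only the filter); the addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are constructed
# (RFC 5737 documentation ranges); LINK and RATE are assumed values.
MARK=100                 # fwmark shared by ipchains -m, ipvsadm -f and tc "handle ... fw"
DEV=eth0
QDISC=100                # tc qdisc handle (100:0 in the post); independent of MARK
CLASS=100:100            # CBQ class that receives the marked traffic
LINK=100Mbit             # assumed speed of the physical link
RATE=1Mbit               # assumed ceiling for the marked traffic
CLIENT=192.0.2.10        # constructed client address
VIP=198.51.100.1         # constructed virtual IP
REALSERVERS="203.0.113.11 203.0.113.12 203.0.113.13"   # constructed real servers

director_cmds() {
    # 1. Mark HTTP packets from the client as they enter the director.
    echo "ipchains -A input -p tcp -s $CLIENT -d $VIP 80 -m $MARK"
    # 2. fwmark-based virtual service, least-connection scheduling,
    #    real servers reached by IP tunnelling (-i), as the post requires.
    echo "ipvsadm -A -f $MARK -s lc"
    for rs in $REALSERVERS; do
        echo "ipvsadm -a -f $MARK -r $rs -i"
    done
    # 3. CBQ root qdisc, one bounded class (no borrowing, so RATE is a hard
    #    ceiling), and the fw filter that steers marked packets into it.
    echo "tc qdisc add dev $DEV root handle $QDISC: cbq bandwidth $LINK avpkt 1000"
    echo "tc class add dev $DEV parent $QDISC:0 classid $CLASS cbq bandwidth $LINK rate $RATE allot 1514 prio 5 maxburst 20 avpkt 1000 bounded"
    echo "tc filter add dev $DEV protocol ip parent $QDISC:0 prio 100 handle $MARK fw classid $CLASS"
}

# Print the commands by default; pass --apply (as root) to execute them.
if [ "${1:-}" = "--apply" ]; then
    director_cmds | sh -e
else
    director_cmds
fi
```

If the mark in the ipchains rule differs from the `-f` value or the filter's `handle`, the packets match neither the virtual service nor the CBQ class, which is why the script derives all three from one variable.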