Admin wrote:
So for example - assuming 192.168.1.0/24 as the servers_subnet (ignore that
this is private address space)
realServerA=192.168.1.10
realServerB=192.168.1.11
VIP=192.168.1.1
the procedure would be:
o Compile the kernel with iptables support plus...
* IP: advanced router
* IP: policy routing
* IP: use netfilter MARK value as routing key
Right, I always forget these functions are optional...
echo '80 web' >> /etc/iproute2/rt_tables
iptables -t mangle -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 80 \
-m state --state ESTABLISHED -j MARK --set-mark 200
ip rule add fwmark 200 lookup web
ip route add default via 192.168.1.1 table web
With that applied, then a server running on port 80 on 192.168.1.10 should be
able to access the service on the vip on 192.168.1.1, which will get directed
back to 192.168.1.10 or 192.168.1.11. That request should then be returned to
the client on 192.168.1.10
Oops, I just realized that for several reasons it won't work when the
alteon redirects a connection to the same server.
It doesn't work yet (I'm still examining the packet dumps to try to work out
why)
Ok. Check the packet MAC addresses on both servers.
Added a mark log to check on the match
iptables -t mangle -A OUTPUT -m mark --mark 200 -j LOG \
--log-level DEBUG --log-prefix "fwmark 200: "
which shows the traffic from the health checks that come in from the alteon,
Huh? This rule is in the OUTPUT chain, so it shouldn't log incoming
packets from the alteon.
and presumably the traffic from the real server to the vip when I try to make
that connection.
Rather the return traffic from the target server to the source server.
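The mark-and-route logic discussed in this exchange, written out as an added toy model (not code from the thread or from any of the participants). It models the mangle OUTPUT MARK rule, the OUTPUT-chain LOG rule, and the ip-rule lookup order that iproute2 installs by default (local table at priority 0, an added fwmark rule at 32765, main at 32766), so you can see which packets get marked, which table they hit, and why a LOG rule in OUTPUT never sees packets arriving from the load balancer. The addresses are the ones from the thread; the alteon's own address (192.168.1.2) is a constructed assumption.

```python
"""Toy model of fwmark-based policy routing on a real server behind an
Alteon-style load balancer. Added example; addresses follow the thread,
the load balancer address is assumed."""
import ipaddress
from dataclasses import dataclass

SERVERS_SUBNET = ipaddress.ip_network("192.168.1.0/24")
VIP = "192.168.1.1"
REAL_SERVER_A = "192.168.1.10"
REAL_SERVER_B = "192.168.1.11"
ALTEON = "192.168.1.2"   # assumed address the health checks come from
MARK = 200               # --set-mark 200 / fwmark 200
SERVICE_PORT = 80


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    state: str = "ESTABLISHED"  # conntrack state as "-m state" sees it
    mark: int = 0               # netfilter mark, 0 = unmarked


def mangle_output(pkt: Packet) -> Packet:
    """Model of:
    iptables -t mangle -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 80 \
        -m state --state ESTABLISHED -j MARK --set-mark 200"""
    if (ipaddress.ip_address(pkt.dst) in SERVERS_SUBNET
            and pkt.sport == SERVICE_PORT
            and pkt.state == "ESTABLISHED"):
        pkt.mark = MARK
    return pkt


def log_rule_matches(pkt: Packet) -> bool:
    """Model of the OUTPUT-chain rule: -m mark --mark 200 -j LOG."""
    return pkt.mark == MARK


def route_lookup(pkt: Packet, local_addrs: set) -> tuple:
    """Policy routing in ip-rule priority order:
    0: local table (this host's own addresses)
    32765: fwmark 200 lookup web   (default via VIP)
    32766: main                    (connected subnet route, default gw)"""
    if pkt.dst in local_addrs:
        return ("local", "lo")
    if pkt.mark == MARK:
        return ("web", f"via {VIP}")
    if ipaddress.ip_address(pkt.dst) in SERVERS_SUBNET:
        return ("main", "on-link")
    return ("main", "default gateway")


def send(host: str, pkt: Packet) -> dict:
    """A packet generated on `host` traverses mangle OUTPUT, then the route
    lookup (the kernel re-routes after OUTPUT changed the mark)."""
    pkt = mangle_output(pkt)
    table, nexthop = route_lookup(pkt, {host})
    return {"mark": pkt.mark, "table": table, "nexthop": nexthop,
            "logged": log_rule_matches(pkt)}


def receive(host: str, pkt: Packet) -> dict:
    """A packet arriving at `host` traverses PREROUTING and INPUT only; the
    OUTPUT chain, and therefore the LOG rule in it, is never consulted."""
    return {"mark": pkt.mark, "logged": False}


if __name__ == "__main__":
    # Reply from A's web server to a client on B: marked, routed via the VIP.
    print(send(REAL_SERVER_A, Packet(REAL_SERVER_A, 80, REAL_SERVER_B, 40001)))
    # A acting as a client towards the VIP: unmarked, main table.
    print(send(REAL_SERVER_A, Packet(REAL_SERVER_A, 40001, VIP, 80, state="NEW")))
    # Reply to a client on the same host: local table wins before fwmark.
    print(send(REAL_SERVER_A, Packet(REAL_SERVER_A, 80, REAL_SERVER_A, 40002)))
    # Health check from the alteon: never passes OUTPUT, never logged there.
    print(receive(REAL_SERVER_A, Packet(ALTEON, 40003, REAL_SERVER_A, 80, state="NEW")))
```

The third case is the one to keep in mind when reading the packet dumps: when the alteon sends a connection back to the host that originated it, the reply's destination is one of the host's own addresses, and the local table at priority 0 is consulted before the fwmark rule ever gets a chance, so the "default via VIP" route in table web is not used.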