We are implementing a project for one university. Here we are going to configure LVS (Piranha) and Squid Proxy (Real Servers). There are two LVS routers, one active and the other standby, and we have 3 Squid servers (Real Servers). The job of the LVS router is to load balance the University internet access traffic between these 3 Squid Proxy Servers.

The basic LVS-NAT layout is as follows:

                          ________
                         |        |
                         | client |  (local)
                         |________|  172.16.0.0/16 (Eg. – 172.16.0.10)
    ---                      |       Some 3000 Clients are there; some are having static IPs
                             |       and the rest are getting IP from DHCP server.
                             |
                             |  (6509 Core Switch)
                             |
    --
    L          Virtual IP (10.0.0.21) = aliased to eth0:1               LVS Backup Router
    i                    ____|_____   eth0 real IP = 10.0.0.22 (Fixed)  eth0 real IP = 10.0.0.23
    n                   |          |  (LVS routers have 2 NICs)
    u                   |LVS active|
    x                   |__Router__|
                             |  10.0.0.51 (virtual nat router IP) = eth1:1
    V                        |  eth1 real IP = 10.0.0.52 (Fixed)        eth1 real IP = 10.0.0.52
    i                        |
    r      -------------------------------------------------
    t      |                        |                        |
    u      |                        |                        |
    a      |                        |                        |
    l   (10.0.0.54)            (10.0.0.55)              (10.0.0.56)     All on eth0 interface with gateway as 10.0.0.51
        _____________          _____________            _____________
       |             |        |             |          |             |
    S  | realserver1 |        | realserver2 |          | realserver3 |  Squid Proxy Servers
    e  |_____________|        |_____________|          |_____________|
    r      |                        |                        |
    v      |                        |                        |
    e   The Squid Proxy Servers eth1 interface is having following IPs
    r   (10.0.0.11)            (10.0.0.12)              (10.0.0.13)     All on servers eth1 interface.
                                                                        These are NATed to real IPs to get the Internet.
    ---

The IP address of a single client is 172.16.0.10. The virtual IP of the LVS router is 10.0.0.21 (which can be taken over by a not-shown second Backup LVS router for failover purposes). The "real" IP of the LVS router is 10.0.0.22 (this IP is fixed and used for heartbeat exchange between the two LVS routers). This network is 10.0.0.0/27 (10.0.0.1 – 10.0.0.30).

Now, on the "internal" network, 10.0.0.51 is the virtual IP of the LVS router (which again can be taken over by a not-shown second Backup LVS router for failover purposes), 10.0.0.52 is the "real" IP of the LVS router in the internal network, and 10.0.0.54, 10.0.0.55, 10.0.0.56 are the IPs of the real Servers on the internal network, and they are configured with 10.0.0.51 (virtual nat router IP) as their gateway. This network is 10.0.0.32/27 (10.0.0.33 – 10.0.0.62).

The Squid Proxy Servers eth1 interface is having following IPs: 10.0.0.11, 10.0.0.12, 10.0.0.13. These are NATed to real IPs to get the Internet on the squid proxy servers.

The Virtual IP 10.0.0.21 is going to be advertised with FQDN and the client requests are going to be addressed to this VIP.

The scenario that comes to my mind, if we are going to distribute the servers and their Ethernet interfaces into different VLANs, is as follows:

• VLAN1 comprises the LVS routers' eth0, and this VLAN is going to talk to all the other VLANs of the University (which are already 26 in number).
• VLAN2 comprises the LVS routers' eth1 and the three Squid Proxy servers' eth0s, and this VLAN is not going to talk to any other VLAN.
• VLAN3 comprises the three Squid Proxy servers' eth1s; these are being NATed to get internet, and they can only talk to the internet and not to the internal University VLANs.

Q1)- Is the above concept of VLANs correct?

Q2)- Here, for the Virtual NAT IP 10.0.0.51 and eth1 real IP 10.0.0.52 of the LVS router, what gateway do we have to put? This is falling under VLAN2 (here), but the other VLAN2 interfaces are the Squid Proxy servers' eth0s, which are having their gateway as 10.0.0.51 (Virtual NAT).

Q3)- In client browser configuration, what do we have to put to get to the squid for internet access (in this scenario), as the Squid Servers themselves are not directly connected with the client, rather they are getting client requests through Piranha?

Q4)- Is there any way that we don't have to put any configuration in the client browser, but still he will come to squid and get the internet access?

Rakesh Upadhyay
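
A sanity check of the addressing plan in the post above, as an added example that is not part of the original message: it maps every address to the two /27 networks the post states, then flags an address assigned to more than one interface and a subnet whose addresses are split across more than one proposed VLAN. The host labels are made up for the example, and it assumes the Squid eth1 interfaces use the same /27 mask as the other interfaces.

```python
import ipaddress
from collections import defaultdict

# The two /27 networks exactly as stated in the post.
SUBNETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/27", "10.0.0.32/27")]
GATEWAY = "10.0.0.51"  # real servers' gateway (virtual NAT router IP) per the post

# (proposed VLAN, host label, interface, address); labels are made up, addresses as posted.
PLAN = [
    ("VLAN1", "lvs-vip", "eth0:1", "10.0.0.21"),
    ("VLAN1", "lvs-active", "eth0", "10.0.0.22"),
    ("VLAN1", "lvs-backup", "eth0", "10.0.0.23"),
    ("VLAN2", "lvs-nat-vip", "eth1:1", "10.0.0.51"),
    ("VLAN2", "lvs-active", "eth1", "10.0.0.52"),
    ("VLAN2", "lvs-backup", "eth1", "10.0.0.52"),
    ("VLAN2", "realserver1", "eth0", "10.0.0.54"),
    ("VLAN2", "realserver2", "eth0", "10.0.0.55"),
    ("VLAN2", "realserver3", "eth0", "10.0.0.56"),
    ("VLAN3", "realserver1", "eth1", "10.0.0.11"),
    ("VLAN3", "realserver2", "eth1", "10.0.0.12"),
    ("VLAN3", "realserver3", "eth1", "10.0.0.13"),
]

def subnet_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((n for n in SUBNETS if ip in n), None)

def audit(plan=PLAN, gateway=GATEWAY):
    findings, owners, net_vlans = [], defaultdict(list), defaultdict(set)
    for vlan, host, iface, addr in plan:
        owners[addr].append(f"{host}/{iface}")
        net = subnet_of(addr)
        if net is None:  # address outside both stated networks
            findings.append(("no-stated-subnet", addr))
            continue
        net_vlans[net].add(vlan)
        if host.startswith("realserver") and iface == "eth0" and net != subnet_of(gateway):
            findings.append(("gateway-off-link", addr))  # gateway must be on-link
    for addr, who in owners.items():
        if len(who) > 1:  # same address assigned to more than one interface
            findings.append(("duplicate-ip", addr, tuple(who)))
    for net, vlans in net_vlans.items():
        if len(vlans) > 1:  # one IP subnet split across separate VLANs
            findings.append(("subnet-spans-vlans", str(net), tuple(sorted(vlans))))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Run against the plan as posted, it reports 10.0.0.52 on both routers' eth1 and 10.0.0.0/27 shared by VLAN1 and VLAN3, two points worth settling before the switch ports are assigned.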