This setup requires kernel version 2.6.37 or newer. In particular, it depends on the following recent features:

- Accept incoming packets with local source (v2.6.33, commit).
- Connection tracking zones (v2.6.34, commit).
- Netfilter nat INPUT chain, NETMAP changes (v2.6.36, commit).
- Netfilter connection tracking for lvs/ipvs (v2.6.37, commit).

This setup solves the challenge of serving remote users that originate from multiple different sites that all use the same overlapping

To a unique IP range so that users can be identified in application

So in short, it combines a two-node, multi-interface lvs

While you can use individual network interfaces, using VLANs saves

Combine VLANs with interface bonding to achieve an even higher degree of resilience against failures.

The router maps each remote site to its own VLAN.

Isn't really important the remote sites can be directly connected on separate egress interfaces, or using IPSec VPNs, like in the diagram:

This approach is common in Cisco routers by using VRF-aware IPSec.

Short, a crypto map is defined so that tunnel A is mapped to VRF (virtual routing and forwarding) instance 10, and tunnel B to VRF 20. These VRF instances will in turn have separate routing tables, pointing the virtual IP towards the LVS VIP on each VLAN.

An obvious and easy solution to the overlapping subnets would be to have the router do SNAT/masquerading of the incoming packets. In my case, I spent lots of time trying to get that to work on the Cisco

Assuming that traffic reaches the LVS pair on both VLAN 10 and 20, the idea is that packets are handled in the following way on each VLAN: