IPVSADM - help on network topology

Post by ben.wil.. » Wed, 30 Aug 2006 22:28:28

Hi all,

I'm considering using IPVS shortly for a load balancing scenario.

Successfully balance load across three web servers
Be able to connect to and remotely administrate the three web servers
from an external network

Here's my current thinking:

Internet--> cisco Pix -->Linux with IPVS --> 3 Web servers

here's my current network addressing idea

Internet --> [e.g] Pix [] --> []
Linux with IPVS [] --> [] []

I hope the above is clear. The topology above would implement the IPVS
/ NAT scheme correctly, I believe, if, when traffic hits the external IP
address, this is translated by the Pix to
The Linux with IPVS should then balance this across the three web
servers. The "real" servers (web servers) would have their default
gateway pointed at so that the returning packets could be

A few questions:

Can anyone tell me if my thinking above is correct before I embark on
putting it together in a proof of concept?

If this were in a hosted environment and I wanted to ssh / ftp into the
individual web servers so I could alter content / change configuration,
how would I perform this? If I set up VPN on the Pix, I would be on the network and would not be able to hit the

If I used the Pix to translate from an external address for ssh to an
internal one, I doubt I'd be able to get it to translate to a address.

What would be the best way to remotely administer the "real" servers (web

Thanks very much for your time, any advice appreciated!

Mr W
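The LVS-NAT director the post describes, written out as a dry-run script that prints the ipvsadm and iptables commands instead of executing them, so it can be reviewed first and then piped to sh on the director. This is an added example, not from the original post or from the IPVS project. Every address is an assumption: 192.168.1.10 stands in for the director's address that the Pix translates the public IP to, 10.0.0.0/24 for the real-server subnet, 10.0.0.1 for the director's address on that subnet (the real servers' default gateway, as the post requires), and eth0 for the director's Pix-facing interface. The ssh port mapping 2201-2203 is likewise assumed; the Pix would have to forward those ports to the director for it to be reachable from outside.

```shell
#!/bin/sh
# Added example: generate LVS-NAT director rules. Nothing here is executed;
# the functions only print commands. All addresses below are assumptions.
VIP=192.168.1.10           # assumed: director address the Pix translates the public IP to
DIP=10.0.0.1               # assumed: director address on the real-server side (their default gateway)
RIP_NET=10.0.0.0/24        # assumed: real-server subnet
RIPS="10.0.0.11 10.0.0.12 10.0.0.13"   # assumed: the three web servers
OUT_IF=eth0                # assumed: director interface facing the Pix

# Commands that set up the director for LVS-NAT (ipvsadm -m = masquerading mode).
# IPVS itself un-NATs the replies, which is why the real servers must route
# back through $DIP; without that the return packets bypass the director.
lvs_nat_director_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ipvsadm -C"                                  # clear any existing table
    echo "ipvsadm -A -t $VIP:80 -s wlc"                # virtual service, weighted least-connection
    for rip in $RIPS; do
        echo "ipvsadm -a -t $VIP:80 -r $rip:80 -m -w 1"   # real server in NAT mode
    done
    # Traffic the real servers originate themselves (updates, DNS) is not an
    # IPVS connection, so it needs an ordinary masquerade rule to leave.
    echo "iptables -t nat -A POSTROUTING -s $RIP_NET -o $OUT_IF -j MASQUERADE"
}

# One external port per real server for ssh, DNATed on the director.
# The FORWARD chain must also permit the connection, hence the ACCEPT line.
ssh_forward_rules() {
    port=2201
    for rip in $RIPS; do
        echo "iptables -t nat -A PREROUTING -d $VIP -p tcp --dport $port -j DNAT --to-destination $rip:22"
        echo "iptables -A FORWARD -d $rip -p tcp --dport 22 -j ACCEPT"
        port=$((port + 1))
    done
}

# Print the full rule set; review, then pipe to sh on the director.
lvs_nat_director_rules
ssh_forward_rules
```

A less exposed alternative for the administration question is to allow ssh only to the director and reach each real server through it with ssh's ProxyJump (or an ssh tunnel), which avoids publishing three extra ports on the Pix at all.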


1. strange network topology (plz help me out of this)

Hi all!

My friend and I have been fighting for days now with a certain (complex)
networking issue.
At first I thought this was impossible, but now I know nothing about it.
I'm no Linux guru, but I try to :-)

Here's my problem:

I have a local subnet
connected to the world 0/0
and masqueraded.

Everything's all right so far, but now the problems arise:

I have 3 public fixed IP addresses like, let's assume I have IPs
from .3 to .5

My world comes to the fw from eth1
my local is eth0
my designated public IP computer is at eth2

Now my router, plugged in before the firewall, is located in _the same_ subnet as
my public addresses, which means my router (reachable through eth1) has
IP (same subnet as my public IPs).

This consequently means that I have 2 _same_ subnets on 2 _different_ interfaces
(eth1 & eth2).

First question: in general, is it possible to have 2 same subnets on 2
different interfaces?

I tried this. It works only partially, and I'm not sure whether the problem
is routing or masquerading...

If I configure both eth1 and eth2 as the same subnet, I can reach both subnets
from the fw machine... so far so good;
my masquerading is only for eth0 (yet)...

Now I want eth2 (my given public IPs) to be forwarded through the fw, so that
I can ping the world from , which is plugged into the fw via eth2....
This is the breaking point anyway. No matter what I try, ___I can't ping the world
from my fixed public IP machine___

Second question:
is this network topology possible to configure at all???

What's the goal of such a config? -> I just want a webserver running on secured by the fw machine, which has IP (eth2), plugged into the world
via router ( on eth1 and a subnet on eth0...

I know it's getting a bit complex, but it's a challenge for you (and me),
isn't it? :-)

BTW: I use SuSE 6.3 and ipchains.

If you can help me, you gurus out there spending whole weekends configuring
networks, __please__ help me...

Thanks a lot,


