Linux "remote" LVS forward to "main" LVS in front of Apache

I have a working 2-node LVS group using piranha in front of a 2-node Apache group.

The LVS hosts are in Direct Route mode and have a Virtual IP (VIP) which they listen on, and forwards the 2 Apache servers in round-robin (for testing - if another selection method is preferred/required, I am certainly open to that).

What I'm looking to do is put a "standalone" LVS host at a branch office, so local requests hit the branch LVS host, which has its own VIP on the local subnet (of the remote branch).  The LVS host then forwards those (thru a VPN tunnel) to the VIP of the LVS group at main location.

I have this all "working"....except I can't open a web page using the VIP at the remote location.

More info:
Main -
   LVS1 (Real IP) - 192.168.1.10
   LVS2 (RIP) - 192.168.1.11
   VIP - 192.168.1.210

   apache1 (RIP) - 192.168.1.211
   apache2 (RIP) - 192.168.1.212
   virtual-host - *:81  <-- the website is on port 81
   apache1/2 use arptables_jf and "mangle" replies as 192.168.1.10/11 (LVS1/2 RIP's)

Remote1
   LVS3 (RIP) - 10.0.100.10
   VIP - 10.0.100.210

   piranha Virtual Server has a single Real Server: 192.168.1.210 (the VIP at Main)

I see the get/expect requests from LVS3 RIP in the apache logs.  I can ping the remote-VIP (10.0.100.210) from the remote subnet.
I can't open a browser to 10.0.100.210, nor can I telnet to the remote-VIP:81

iptables have appropriate entries and SElinux is disabled.
snowdog_2112Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
What is the gain? Traffic on wire is same, no added availablity?
0
snowdog_2112Author Commented:
(sorry for the delay!!!  this dropped off my radar for other pressing matters.)

Gain?  I am not sure what you mean - I'm new to LVS and piranha.

With respect to "traffic on wire", I am also a little confused - which traffic on which wire?
0
gheistCommented:
Total traffic between remote office and had application does not change at all
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

snowdog_2112Author Commented:
The gain has to do with tunnel availability.  Due to the network arrangement of the remote location, we do not have direct access to the firewall at the remote location which makes the lan-2-lan tunnel to the main.

There have been several cases where Internet access works at both locations, but the tunnel is broken for extended periods.

The LVS at the remote location can be used to direct traffic to the public IP of the main branch LVS, without changing the applications or DNS entries.

Does that answer the "why" question?

Thanks again!
0
gheistCommented:
You need small bits from webserver even with all static content permanently catched (like pages linking static images)
0
snowdog_2112Author Commented:
I missed an item on the configuration - though it doesn't affect the original question....

The remote LVS host will *also* have a replica of the Apache/app server in the remote branch.

You are correct - the LVS host at the remote branch *will not* be able to reach the main office.

The idea is the remote LVS host will "fail over" to its local app server.

(I plan on making the local app server "unavailable" to the LVS host if the main branch is online, so traffic should fail to the local replica *only if* the main branch is inaccessible).

So...the remote office LVS host has *TWO* RIP's behind it:
- local app server (normally "offline" as far as the LVS can tell - the test/expect will be a fail).
- main branch - this RIP is, itself another LVS host, with 2 app servers behind it.

The question remains the same, however, the remote LVS host does not hit the app server at the main branch - or see the return traffic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snowdog_2112Author Commented:
abandonned...no solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.