Linux "remote" LVS forward to "main" LVS in front of Apache

Posted on 2014-07-15
Last Modified: 2015-01-12
I have a working 2-node LVS group using piranha in front of a 2-node Apache group.

The LVS hosts are in Direct Route mode and have a Virtual IP (VIP) which they listen on, and forward to the 2 Apache servers in round-robin (for testing - if another selection method is preferred/required, I am certainly open to that).

What I'm looking to do is put a "standalone" LVS host at a branch office, so local requests hit the branch LVS host, which has its own VIP on the local subnet (of the remote branch). The LVS host then forwards those (through a VPN tunnel) to the VIP of the LVS group at the main location.

I have this all "working"....except I can't open a web page using the VIP at the remote location.

More info:
Main -
   LVS1 (Real IP) -
   LVS2 (RIP) -
   VIP -

   apache1 (RIP) -
   apache2 (RIP) -
   virtual-host - *:81  <-- the website is on port 81
   apache1/2 use arptables_jf and "mangle" replies as (LVS1/2 RIP's)

   LVS3 (RIP) -
   VIP -

   piranha Virtual Server has a single Real Server: (the VIP at Main)

I see the get/expect requests from LVS3 RIP in the apache logs.  I can ping the remote-VIP ( from the remote subnet.
I can't open a browser to, nor can I telnet to the remote-VIP:81

iptables has appropriate entries and SELinux is disabled.
Question by:snowdog_2112

    Expert Comment

    What is the gain? Traffic on wire is same, no added availability?

    Author Comment

    (sorry for the delay!!!  this dropped off my radar for other pressing matters.)

    Gain?  I am not sure what you mean - I'm new to LVS and piranha.

    With respect to "traffic on wire", I am also a little confused - which traffic on which wire?

    Expert Comment

    Total traffic between remote office and had application does not change at all

    Author Comment

    The gain has to do with tunnel availability.  Due to the network arrangement of the remote location, we do not have direct access to the firewall at the remote location which makes the lan-2-lan tunnel to the main.

    There have been several cases where Internet access works at both locations, but the tunnel is broken for extended periods.

    The LVS at the remote location can be used to direct traffic to the public IP of the main branch LVS, without changing the applications or DNS entries.

    Does that answer the "why" question?

    Thanks again!

    Expert Comment

    You need small bits from webserver even with all static content permanently cached (like pages linking static images).

    Accepted Solution

    I missed an item on the configuration - though it doesn't affect the original question....

    The remote LVS host will *also* have a replica of the Apache/app server in the remote branch.

    You are correct - the LVS host at the remote branch *will not* be able to reach the main office.

    The idea is the remote LVS host will "fail over" to its local app server.

    (I plan on making the local app server "unavailable" to the LVS host if the main branch is online, so traffic should fail to the local replica *only if* the main branch is inaccessible).

    So...the remote office LVS host has *TWO* RIPs behind it:
    - local app server (normally "offline" as far as the LVS can tell - the test/expect will be a fail).
    - main branch - this RIP is, itself another LVS host, with 2 app servers behind it.

    The question remains the same, however, the remote LVS host does not hit the app server at the main branch - or see the return traffic.

    Author Closing Comment

    by:snowdog_2112 solution.
