
SAG

Table of contents

  1. Highlights
  2. Steps

Highlights

LVS as transparent

host --> DIR_LVS --(ipip)--> RS_TProxy

Steps

VPC configs:

  • Security group allows IPIP
  • SNAT allows 0/0, because the host network may not be in the same VPC as the LVS gateways
  • Set the default return route to the host network to the DIR
  • DIR, RS: ip_forward=1

DIR configs:

  • local delivery:

        ip rule add fwmark 80 lookup 100
        ip route add local 0/0 dev lo table 100

  • ipvsadm
  • iptables: FORWARD drop, add ACCEPT rules; mangle mark 27/80
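
An offline check of the DIR "local delivery" rule, table 100 and ip_forward from the steps above, added here as an example and not part of the original notes; the function names and the sample output are constructed. It parses the text of `ip rule show` and `ip route show table 100`, where the decimal mark 80 is printed as 0x50.

```shell
#!/bin/sh
# Added example: offline audit of the DIR "local delivery" settings.
# MARK and TABLE are the values used in the page's commands.
MARK=80
TABLE=100

# rule_has_mark RULES MARK TABLE: succeed if a rule sends fwmark MARK to TABLE.
# `ip rule show` prints marks in hex (decimal 80 appears as 0x50), optionally
# followed by /mask, so compare numerically rather than as text.
rule_has_mark() {
    while read -r line; do
        case "$line" in
            *"fwmark "*" lookup $3"|*"fwmark "*" lookup $3 "*) ;;
            *) continue ;;
        esac
        m=${line#*fwmark }; m=${m%% *}; m=${m%%/*}
        if [ "$(($m))" -eq "$2" ]; then return 0; fi
    done <<EOF
$1
EOF
    return 1
}

# table_is_local_default ROUTES: succeed if the table delivers 0/0 locally via lo.
table_is_local_default() {
    while read -r line; do
        case "$line" in
            "local default dev lo"*|"local 0.0.0.0/0 dev lo"*) return 0 ;;
        esac
    done <<EOF
$1
EOF
    return 1
}

# audit_dir RULES ROUTES IP_FORWARD: print findings, return the failure count.
audit_dir() {
    fails=0
    rule_has_mark "$1" "$MARK" "$TABLE" || { echo "FAIL: no rule fwmark $MARK -> table $TABLE"; fails=$((fails + 1)); }
    table_is_local_default "$2" || { echo "FAIL: table $TABLE lacks 'local 0/0 dev lo'"; fails=$((fails + 1)); }
    [ "$3" = "1" ] || { echo "FAIL: ip_forward is $3, expected 1"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample output; on a live DIR pass "$(ip rule show)",
# "$(ip route show table 100)" and "$(sysctl -n net.ipv4.ip_forward)".
SAMPLE_RULES='32765: from all fwmark 0x50 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
audit_dir "$SAMPLE_RULES" "$SAMPLE_ROUTES" 1 && echo "DIR local delivery OK"
```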

RS configs:

  • tunl0 MUST be given the local IP 192.168.255.254, an address chosen so that it does not conflict with others, because squid transparent mode only works on a local interface with an available IP.