Sub-net Routing

Question

Applications hosted on servers located in the same subnet cannot reference domain names (VIP) hosted on the load balancer for the subnet.

Assumption: server A and server B are hosted in the same subnet.

Application hosted on Server A is connecting to the VIP (which references an application hosted in Server B).

Connection initiation will go from Server A, via the VIP, to Server B; however, the response comes back directly from Server B to Server A.

Server A will not accept the response as it had sent the original request to the VIP only.

Question: Is this normal occurrence in network set-up? The suggested solution was to create a special internal-to-subnet IP for Server A to call app on Server B: I do not like this solution as it can lead to proliferation of internal IPs that can be cumbersome to manage.

The other option is to sprout subnets....

Any thoughts or suggestions?

Is server A gets a response from server B or does Server B initiate a new call as a respones ? — Dani, Oct 30 '09 at 20:04

score 1 · Answer 1 · answered Oct 31 '09 at 02:21

You're doing DSR (direct server return). For it to work properly, the load balancer needs to be aware of that, so that it only modifies the destination MAC address, but leaves both IP addresses in the packet intact. Also, the VIP needs to be configured on a loopback interface of all servers behind the load balancer, so that the incoming packets with VIP in the destination field are accepted. Whatever service lives there will also need to be configured to use VIP, unless it binds to 0.0.0.0. Once you have those pieces in place, everything will work, like this:

A sends a packet with its own IP and MAC in the source, VIP and LB's MAC in the dest.
LB receives the packet, rewrites dst MAC from its own to the MAC of one of the balanced servers and sends it over to B.
B receives the packet, sees valid dst IP (since it's VIP, and it has VIP on the loopback), kicks it down to the service to handle.
The service sends the answer, with VIP and server MAC now as the source, and A's IP and MAC as the dest.
The packet arrives at A, which recognizes it as a valid response to the original request.

BTW, your tags are totally wrong, since there's no routing involved. It's mostly Layer 2 tricks, with some configuration modification on Layer 3.

Reference: LBWiki

Sub-net Routing

1 Answers1