[f-nsp] UDP and non-DSR ?

[David Miller]

On Sep 19, 2013, at 4:49 PM, Eldon Koyle wrote:

> Since I haven't seen anyone else reply...
> 
>> From what I remember, if you don't want to do any NAT and you also want
> both directions of traffic to go through the load balancer (ie.
> non-DSR), it must be in-line; I'm not completely sure what you are
> asking, though.  You can certainly put DNS servers behind the load
> balancer and use source-nat, just like you do with your webservers.

It worked automagically with the web servers, I assume because it's TCP.  Doing the same thing with DNS had a different outcome.

> Or are you having difficulty getting DNS replies back to the right
> backend webserver?

I was having problems with unintended DSR :)  The client address wasn't nat'd by the SI, and since the client IP was on the local network the reply went directly to the client.  I ran into problems on the nameservers themselves setting up DSR.

I ended up moving the two nameservers to a different network.  Packets now go through the SI both ways, NAT happens properly, and life is good.  Maybe next time I'll take a better look at getting DSR right as this seems like a perfect use for it.

Thanks for the help Eldon.  I can't believe the S/N ratio on this list, and will now go back into lurk mode so as not to lower it.


--- David