[CentOS] Monitoring IP masquerading on LVS load-balancing
dd-b at dd-b.net
Wed Mar 25 22:50:46 UTC 2009
I've got small numbers of connections moving through a load balancer
configured in NAT mode. So I've got an iptables table called "nat", which
has in it a line "-A POSTROUTING -o eth0 -j MASQUERADE" (lan connect is
eth0, private lan inside the cluster is eth1).
The load balancer is working; connections made to the virtual ip on that
host do get routed to one of the real servers behind this load load
But I want to observe the connections on the load balancer.
My first attempt was to use netstat with the --masquerade switch. This
produced the result "netstat: no support for `ip_masquerade' on this
system." Consistent with this, there is no /proc/net/ip_masquerade.
On the other hand, the load balancer *IS* working; those connections *are*
getting NATted and routed.
Also, lsmod shows various relevant modules loaded:
iptable_nat    40773  1
ip_nat         53101  2 ipt_MASQUERADE,iptable_nat
ip_conntrack   91237  5
nfnetlink      40457  2 ip_nat,ip_conntrack
ip_tables      55329  2 iptable_filter,iptable_nat
x_tables       50377  7
So, netstat just isn't somehow the right monitoring tool, right? So what
is the right monitoring tool? I need to know the source IP and
real-server IP of connections being handled by the load balancer. I don't
need a lot showing exactly how each one was handled, but I'd like to be
able to determine the state of any connection currently active. How can I
David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/