by Nuno Dantas
ethx ----- Brigde ---- vif1 :--- vif2 :--- vif3 :--- vif4 :--- vifN
brctl addbr nomedabridge
brctl addif ethX
brctl show
root@kvm0:~# brctl show bridge name bridge id STP enabled interfaces rede28eth0 8000.0015171954fc no eth0 vnet2
auto rede28eth0 iface rede28eth0 inet manual bridge_ports eth0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off
ethx --ethx.vlanX--- Brigde ---- vifX1 : :--- vifX2 : :--- vifX3 : :--- vifX4 : :--- vifXN : :-ethx.vlanY--- Brigde ---- vifY1 :--- vifY2 :--- vifY3 :--- vifY4 :--- vifYN
vconfig add eth1 25
vconfig add eth1 97
root@kvm0:~# cat /proc/net/vlan/config VLAN Dev name | VLAN ID eth1.25 | 25 | eth1 eth1.97 | 97 | eth1
auto marcadores iface marcadores inet manual bridge_ports eth7.112 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off pre-up vconfig add eth7 112 post-down vconfig rem eth7.112
ethA ---: + ethB ---:----bond0 + ethC ---:
modprobe bonding mode=balance-alb miimon=100
ifenslave bond0 eth0
ifenslave bond0 eth1
auto bond0 iface bond0 inet manual slaves eth2 eth3 bond_mode 802.3ad bond_xmit_hash_policy layer3+4 bond_lacp_rate fast bond_miimon 100 bond_downdelay 200 bond_updelay 200
root@kvm0:~# cat /proc/net/bonding/bond0 Bonding Mode: IEEE 802.3ad Dynamic link aggregation Transmit Hash Policy: layer3+4 (1) MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 200 Down Delay (ms): 200 802.3ad info LACP rate: fast Aggregator selection policy (ad_select): stable Active Aggregator Info: Aggregator ID: 2 Number of ports: 2 Actor Key: 17 Partner Key: 12289 Partner Mac Address: 5c:e2:86:19:7c:01
ethA ---: + ethB ---:---bond0--bond0.vlanX--- Brigde --- vif1 + : :-- vif2 ethC ---: : :-- vif3 : :-- vif4 : :-- vifN : :-bond0.vlanY--- Brigde --- vif1 :-- vif2 :-- vif3 :-- vif4 :-- vifN
auto redegestao iface redegestao inet static bridge_ports bond0.97 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off pre-up vconfig add bond0 97 post-down vconfig rem bond0.97
auto redegestao iface redegestao inet static bridge_ports bond0.97 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off pre-up vconfig add bond0 97 post-down vconfig rem bond0.97 address 172.16.20.123 netmask 255.255.255.0 network 172.16.20.0 broadcast 172.16.20.255
VIP:port ---- IPVS ---- Real Server 1 :--- Real Server 2 :--- Real Server N
ipvsadm -A -t 193.136.28.130:143 ipvsadm -a -t 193.136.28.130:143 -r 172.16.20.179:143 -m ipvsadm -a -t 193.136.28.130:143 -r 172.16.20.180:143 -m ipvsadm -a -t 193.136.28.130:143 -r 172.16.20.181:143 -m
# Virtual Service for IMAP virtual=193.136.28.130:143 real=172.16.20.179:143 masq real=172.16.20.180:143 masq real=172.16.20.181:143 masq service=imap scheduler=rr #persistent=600 protocol=tcp checktype=negotiate
iptables -t nat -A POSTROUTING -o eth0 -s \ 172.16.20.179 -j SNAT --to-source 193.136.28.130
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 193.136.28.130:25 rr -> 172.16.20.179:25 Masq 1 0 0 -> 172.16.20.180:25 Masq 1 0 0 -> 172.16.20.181:25 Masq 1 0 0 TCP 193.136.28.130:143 rr persistent 300 -> 172.16.20.179:143 Masq 1 1 0 -> 172.16.20.180:143 Masq 1 0 0 -> 172.16.20.181:143 Masq 1 0 0
IP:PORT ---- Stunnel---- IP:PORT
193.136.28.130:993 ---- Stunnel---- 193.136.28.130:143
stunnel -p imap.pem -d 193.136.28.130:993 -r 193.136.28.130:143
cert=/etc/ssl/certs/10279593.crt CAfile=/etc/ssl/certs/10279593.ca-bundle key=/etc/ssl/certs/imap.key sslVersion = all chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 pid = /imap.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [imaps] accept = 193.136.28.130:993 connect = 193.136.28.130:143
ethA ethB ethC : : : -----+------ : :- vifX4 (RSN) bond0 :- vifX3 (RS2) : :- vifX2 (RS1) .-------:--bond0.vlanX-- Brigde -- vifX1----. : : : : : /-stunnel--VIP:port--IPVS--\: : :\-stunnel--VIP:port--IPVS--/ : : : :--------------------. : : :-bond0.vlanY--- Brigde -- vifY1 ---: :- vifY2 -- (VM2) :- vifY3 -- (VM2) :- vifY4 -- (VM2) :- vifYN -- (VMN)