Varnish and multiple interfaces
Henry M. Umansky
humansky at Princeton.EDU
Tue Oct 4 04:57:07 CEST 2011
According to tcpdump, traffic from varnish is coming from eth0 (incorrect IP) and traffic coming from nginx is coming from eth0:0 (correct IP). Apache logs are also confirming the IP information.
Henry Umansky
Web Development Services
Princeton University
humansky at princeton.edu
609-258-1674
On Oct 3, 2011, at 10:34 PM, David Birdsong wrote:
> Are the remote backends by chance looking at either the layer 4 (ip
> level) address OR if present, a value found in an http header such as
> X-Forwarded-For?
>
> On Mon, Oct 3, 2011 at 7:31 PM, Henry M. Umansky <humansky at princeton.edu> wrote:
>> That's what I thought too, but I'm also running nginx on the same machine. I
>> set up nginx to listen to eth0:0, and all traffic to the remote backend
>> sees the IP address of eth0:0. However, when I try to do the same with
>> Varnish, the backends sees the IP address of eth0.
>>
>> Henry Umansky
>> Web Development Services
>> Princeton University
>> humansky at princeton.edu
>> 609-258-1674
>>
>> On Oct 3, 2011, at 10:02 PM, David Birdsong wrote:
>>
>> Varnish doesn't send traffic out of interfaces, the OS does. Your
>> kernel routing table will determine which device is part of a
>> particular route. For most traffic, the 'default' route is the route
>> that matches outbound traffic. You can change your default route to
>> exit a particular interface--though I'm not sure if an ethernet alias
>> will work. Try it out.
>>
>> On Mon, Oct 3, 2011 at 6:26 PM, Henry M. Umansky <humansky at princeton.edu>
>> wrote:
>>
>> Hello,
>>
>> I'm running Varnish 2.1.5 on Red Hat Enterprise Linux Server release 6.1.
>> Currently I have two interfaces: eth0 and an alias eth0:0. I need Varnish to
>> bind to eth0:0, which it does perfectly, however, outgoing traffic is going
>> through eth0. Is there anyway to tell Varnish to send outgoing traffic
>> through the same IP address I tell varnish to "listen" to? I guess I can
>> route the traffic accordingly via iptables, but I'd prefer to do it at the
>> application layer if possible.
>>
>> Any help would be much appreciated, varnish is an amazing product!!!
>>
>> Henry Umansky
>>
>> Web Development Services
>>
>> Princeton University
>>
>> humansky at princeton.edu
>>
>> 609-258-1674
>>
>>
>> _______________________________________________
>>
>> varnish-misc mailing list
>>
>> varnish-misc at varnish-cache.org
>>
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
>>
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
More information about the varnish-misc
mailing list