I have a web application which is load-balanced using LVS, which has been hosted within my organization’s network to this point. We’ve used both direct and tunnel routing within LVS, which results in our real servers using the VIP’s IP as the source for the reply (which is sent directly to the user from the real server). I’d now like to augment my application’s capacity using a cloud provider.
The problem is that using the VIP’s IP on a cloud provider (at least EC2) will not work, due to spoofing protection. However, this is an IP address that I control, and I have the whois data to prove it. Does anybody know of a cloud provider that would allow me to send packets with my VIP’s IP as the source IP, as opposed to the IP they assign to me? Thanks.
Even if you could send packets with a source IP not within the cloud provider’s control, you could not receive packets to that IP address at the cloud provider. So the short answer is no.
Cloud architectures deal with this issue in different ways, using internal load balancers (or you can roll your own). Consult the provider’s load balancer documentation.
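An added illustration, not part of the original question or answer: a small model that walks one request through LVS tunnel routing and shows at which hop a provider-side source check drops traffic. All addresses are constructed documentation ranges, the function names are hypothetical, and `egress_allowed` is a simplified stand-in for the spoofing protection the question describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (RFC 5737 documentation ranges), not from the page.
CLIENT = "198.51.100.7"    # end user
VIP = "203.0.113.10"       # virtual IP owned by the organization
DIRECTOR = "203.0.113.2"   # LVS director inside the organization's network
CLOUD_RIP = "192.0.2.25"   # address the cloud provider assigned to the real server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # set for IP-in-IP (LVS tunnel routing)

def egress_allowed(pkt, assigned):
    """Assumed source check: forward a packet only if its outermost source
    address falls inside a prefix assigned to the sending host."""
    nets = [ipaddress.ip_network(a) for a in assigned]
    return any(ipaddress.ip_address(pkt.src) in n for n in nets)

def director_forward_tun(request, rip):
    """Tunnel routing: the director wraps the client's packet, unchanged,
    in an outer header addressed to the real server."""
    return Packet(src=DIRECTOR, dst=rip, inner=request)

def real_server_reply(delivered):
    """The real server answers the inner packet, so the reply's source is
    the address the client connected to (the VIP)."""
    req = delivered.inner or delivered
    return Packet(src=req.dst, dst=req.src)

def trace():
    """Follow one request and report what each egress check decides."""
    request = Packet(src=CLIENT, dst=VIP)
    tunnelled = director_forward_tun(request, CLOUD_RIP)
    reply = real_server_reply(tunnelled)
    return {
        # Outer source is the director's own address, so this hop passes.
        "director_egress_ok": egress_allowed(tunnelled, ["203.0.113.0/24"]),
        "reply_src": reply.src,
        # The reply is sourced from the VIP, which the cloud did not assign.
        "cloud_egress_ok": egress_allowed(reply, [CLOUD_RIP + "/32"]),
    }

if __name__ == "__main__":
    print(trace())
```

In this model the forward path to the cloud real server passes, and only the direct reply sourced from the VIP fails the check.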
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.