Maybe this entry will give you some information. And it's in Chinese, but I think the source codes at this entry will enough for you to understand it . <br><a href="http://www.libing.name/2008/12/30/nginx-ip-hash.html">http://www.libing.name/2008/12/30/nginx-ip-hash.html</a><img goomoji="349" style="margin: 0pt 0.2ex; vertical-align: middle;" src="cid:349@goomoji.gmail"><br>
<br><div class="gmail_quote">On Fri, May 1, 2009 at 10:48 AM, Payam Chychi <span dir="ltr"><<a href="mailto:pchychi@gmail.com">pchychi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="h5">On Thu, Apr 30, 2009 at 11:29 AM, Payam Chychi <<a href="mailto:pchychi@gmail.com">pchychi@gmail.com</a>> wrote:<br>
> Hey Guys,<br>
><br>
> Question, How can you create an nginx proxy server so it uses<br>
> x-forward-header to load balance connections to its downstream web<br>
> servers?<br>
> Im using a nginx load balancer and attaching x-forward-header down to<br>
> the load balaning farm which is using ipvs/keepalived which then load<br>
> balances the traffic locally to a iis / apache cluster<br>
><br>
> issue is that from my nginx proxy to the ipvs LB as i use SNAT and the<br>
> ipvs is only layer4. When a client re-establishes his connection<br>
> though the nginx proxy, the system will change its src ip at random<br>
> and if there was previously another connection using that<br>
> src_ip:dst_port, then the IPVS will assign it to the new user...<br>
> session jacking<br>
><br>
> I am thinking that the issue could be solved by placing an nginx load<br>
> balancer in front of the ipvs and allowing nginx to load balance<br>
> traffic based on the x-forward-header.. however, this is something<br>
> that I am not sure how to do.<br>
><br>
> any insight would greatly be appreciated<br>
><br>
> --<br>
> Payam Tarverdyan Chychi<br>
> Network Security Specialist / Network Engineer<br>
><br>
<br>
<br>
</div></div>Any ideas? I would greatly appreciate any insight<br>
<br>
Thanks,<br>
<div><div></div><div class="h5">--<br>
Payam Tarverdyan Chychi<br>
Network Security Specialist / Network Engineer<br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>The time you enjoy wasting is not wasted time!<br>