BONUS: FWMARK lets you do persistence by port groups

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: BONUS: FWMARK lets you do persistence by port groups
From: "Ted Pavlic" <tpavlic@xxxxxxxxxxx>
Date: Fri, 4 Aug 2000 16:40:38 -0400

Periodically the issue comes up regarding wanting to do persistence by
groups of ports. Until now, an LVS administrator could make a single port
persistent or all ports persistent.

Single port persistence was nice for quite a few things. However, things
like HTTP and HTTPS caused complications with it. Someone who connected to a
webpage on HTTP and started a session tied to them with a cookie would want
to return to that same real server when they went to the HTTPS version of
that site. FTP would also cause a problem with single port persistence as
someone who wanted to use passive FTP wouldn't be guaranteed the same server
when they returned on a random TCP port above 1024. There are other examples
as well.

So the solution to these problems would be to make every port persistent.
This works pretty well, but now anytime a user of a large network behind a
firewall would connect to a real server on ANY service, everyone behind that
firewall would hit that same real server. Plus, if an administrator wanted
to stop scheduling a single service to a single real server, he would have
to take all services down on that single real server. This causes many
problems as well... especially if one small service dies on every real
server -- brings down every service on every real server.

So there has been the need for persistence by port GROUPS. Rather than
saying all ports are persistent, it would be nice to tell LVS to tie just
80/tcp and 443/tcp together or just 21/tcp and 1024:65535/tcp together.
Before the wonderful FWMARK additions to LVS, this was not possible.

But now that LVS listens to FWMARKs, it becomes possible to group ports
together inside ipchains with different FWMARKs and then tell LVS to listen
to those FWMARKs.

For example, one can set up a rule inside FWMARK to do this...

80/tcp, 443/tcp --> FWMARK1
21/tcp, 1024:65535/tcp --> FWMARK2
25/tcp --> FWMARK3
110/tcp --> FWMARK4

Then inside LVS (assume on this setup all of these services are served by
the same real server cluster), say:

FWMARK1 -> PERSISTENT -> real1, real2, real3, real4
FWMARK2 -> PERSISTENT -> real1, real2, real3, real4
FWMARK3 -> real1, real2, real3, real4
FWMARK4 -> real1, real2, real3, real4

Not only have you now set up persistence by port groups, but you've also
split your services back up into autonomous services that will not bring
EVERY server down for the sake of persistence. If FTP goes down on real1,
real1 only needs to be stopped scheduling for FTP.

What do you think? I've got this setup on my LVSs and it seems to be working
pretty darn well.

All the best --
Ted
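The four-group layout from the message above, written out as a director setup script. This is an added example, not Ted's own script and not part of the LVS project: it assumes a VIP of 192.0.2.10 and real servers 192.0.2.101 through 192.0.2.104 (both constructed, TEST-NET addresses), marks packets with the iptables mangle table rather than the 2000-era ipchains the post refers to, forwards by direct routing (-g) with wlc scheduling, and uses a 300-second persistence timeout. DRY_RUN=1 prints the commands instead of executing them, so the layout can be checked without root.

```sh
#!/bin/sh
# Added example (not from the original post): the port-group persistence
# layout expressed as an ipvsadm setup script. Assumptions (constructed):
# VIP 192.0.2.10, real servers 192.0.2.101-104, iptables mangle marking in
# place of ipchains, DR forwarding (-g), wlc scheduling, 300 s persistence.

VIP=${VIP:-192.0.2.10}
REALS=${REALS:-"192.0.2.101 192.0.2.102 192.0.2.103 192.0.2.104"}
PERSIST=${PERSIST:-300}
DRY_RUN=${DRY_RUN:-0}   # DRY_RUN=1 prints each command instead of running it

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# mark_group MARK PORT [PORT...]: one mangle rule per port spec, all setting
# the same mark. A spec is a single port (443) or a range (1024:65535).
# MARK is non-terminating, so later rules still run: keep the port sets
# disjoint or a packet leaves with the last mark that matched.
mark_group() {
    mark=$1; shift
    for ports in "$@"; do
        run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport "$ports" \
            -j MARK --set-mark "$mark"
    done
}

# lvs_group MARK [TIMEOUT]: one fwmark virtual service. With a TIMEOUT the
# service is persistent (-p); without one each connection is scheduled on
# its own. Every real server is added behind the service.
lvs_group() {
    mark=$1; timeout=$2
    if [ -n "$timeout" ]; then
        run ipvsadm -A -f "$mark" -s wlc -p "$timeout"
    else
        run ipvsadm -A -f "$mark" -s wlc
    fi
    for rs in $REALS; do
        run ipvsadm -a -f "$mark" -r "$rs" -g
    done
}

# drop_real MARK RS: stop scheduling one group to one real server and leave
# its other groups alone (the "only FTP on real1 needs to stop" case).
drop_real() {
    run ipvsadm -d -f "$1" -r "$2"
}

setup_director() {
    run ipvsadm -C                      # start from an empty IPVS table
    run iptables -t mangle -F PREROUTING
    mark_group 1 80 443                 # web: HTTP and HTTPS share a server
    mark_group 2 21 1024:65535          # FTP: control plus passive data ports
    mark_group 3 25                     # SMTP on its own
    mark_group 4 110                    # POP3 on its own
    lvs_group 1 "$PERSIST"              # persistent groups
    lvs_group 2 "$PERSIST"
    lvs_group 3                         # independent, no persistence
    lvs_group 4
}

# Only act when invoked as "lvs-groups.sh apply"; sourcing the file just
# defines the functions.
case "${1:-}" in
    apply) setup_director ;;
esac
```

Run `DRY_RUN=1 sh lvs-groups.sh apply` to review the rule set, then `sh lvs-groups.sh apply` as root on the director. Two things to keep in mind with the FTP group: the 1024:65535 mark turns every high TCP port on the VIP into a scheduled service, so whatever else listens on those ports on a real server is now reachable through the director and should be filtered on the real servers themselves; and persistence keys on the client address, so a large NAT'd network still lands on one real server within each group (only the blast radius across groups is reduced, which is the point of the post). Note also that setup_director flushes the whole IPVS table and the mangle PREROUTING chain, which is only appropriate on a dedicated director.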
