Re: keepalived (was Re: News contrib to LVS)

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, Alexandre.Cassen@xxxxxxxxxx
Subject: Re: keepalived (was Re: News contrib to LVS)
From: "Lorn Kay" <lorn_kay@xxxxxxxxxxx>
Date: Sun, 24 Dec 2000 20:18:32 -0000


Julian Anastasov wrote:

>5. NAT is not the only used method. The DR and TUN methods don't allow

>the director's checks properly to check the real services: the real

>service listens to the same VIP and it is hard to generate packets
>in the director with daddr=VIP that will avoid the routing and will
>reach the real server. They don't leave the director. What means this:
>we can't check exactly the VIP:VPORT in the real service, may be only
>RIP:VPORT ? This problem does not exist when the checks are performed
>from the real service, for example the L4 check can be simple bind()
>to VIP:VPORT. Port busy means L4 succeeds. No problems to perform
>L7 checks. Sometimes httpd can listen to many virtual domains with
>bind to Why we need to perform checks for all these VIPs
>when we can simply check on of them. Many, many optimizations, User
But it is nice to be able to have the ability to configure this (the VIP/RIP and PORT combination) since we don't want to assume the only configuration is multiple HTTP daemons (for example) bound to (Even if we are local on DR or TUN server).
In Apache http.conf we can specify a LISTEN port and run a separate daemon for HTTPS on port 443 for example. If this https daemon or daemons dies, or fails to start (because we have it configured to prompt for our security certificate password at startup) we wouldn't want to make assumptions about the health of the daemons listening on port 80 right?
Also, Julian does your comment about FWMARK mean you think keepalived will not work with FWMARKing Directors?
Many thanks to Alexandre Cassen for the great contribution... I plan to test it further in the lab ASAP.

Get your FREE download of MSN Explorer at

<Prev in Thread] Current Thread [Next in Thread>