RH 7.1 iptables/ipvsadm?

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RH 7.1 iptables/ipvsadm?
From: "Mark Miller" <markm@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 14 May 2001 10:45:16 -0600
Thanks so much for all your advice!  I have gone with heartbeat between the
ld's and keepalived for the real servers to change values in the ipvsadm
table.  The keepalived part worked well but I'm having problems with getting
even the simplest ipvsadm setup going.

I'm using RedHat 7.1 and haven't recompiled the kernel since by default it's
supposed to have ipvsadm enabled as well as iptables - that's what I read
somewhere anyway...I'm starting to have my doubts.  I'm using ipvs-0.2.12 to
manage ipvsadm functions.  When I type ipvsadm I get:

IP Virtual Server version 0.2.7 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port             Forward Weight ActiveConn InActConn

So I'm assuming this is working.  I have configured it as such for my
primary load balancer...which I'm using for all my testing:

IP Virtual Server version 0.2.7 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
TCP  xvfw:http rr
  -> ws2:http                       Masq    1      0          0
  -> ws1:http                       Masq    1      0          0

This is not working.  I get InActConn's when I try to connect with the
client but never an active.  When I do an ipvsadm -l c I see a SYN_REC which
times out after 60 seconds.

IPVS connection entries
pro expire   state       source            virtual           destination
TCP 00:56.50 SYN_RECV    marklt:1631       xvfw:http         ws2:http

I decided to make sure my NAT stuff was working outbound.  I used ipchains
since iptables --list returns the following:

/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module:
Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including
invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables
failed
iptables v1.2.1a: can't initialize iptables table `filter': iptables who?
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

At this point I can surf anywhere from my real servers, and I know there are
no rules to prevent traffic into the virtual address on the firewall.  I'm
disturbed by the iptables message, though, and am wondering, since this
version of ipvsadm is supposed to be designed to work with iptables, if this is
my problem.  Has anyone else worked with RH 7.1 and ipvsadm?  Does anyone
have any ideas on how to fix iptables?

Thanks again for all the help.  This is a REALLY good user list.

Mark

> -----Original Message-----
> From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Alexandre
> CASSEN
> Sent: Thursday, May 10, 2001 1:18 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Hot Spare config with LVS?
>
> Hi Mark,
>
> For your 2 LDs you need to run a Hot standby protocol.  Heartbeat can be
> used, you can also use vrrp or hsrp.  I am actually working on the IPSEC AH
> implementation for vrrp.  That kind of protocol can be useful because your
> LD backup server can be used even if it is in backup state (you simply
> create 2 LDs VIP and set default gateway of your server pool half on LD1
> and half on LD2).
>
> For your webserver hot-spare needs, you can use the next keepalived
> (http://keepalived.sourceforge.net) in which there will be a "sorry server"
> facility.  This means exactly what you need => You have a RS server pool; if
> all the servers of this RS server pool are down then the sorry server is
> placed into the ipvsadm table automatically.  If you use keepalived keep in
> mind that you will use NAT topology.
>
> Best regards,
>
> Alexandre
> > I'm currently helping out with a new LVS/netfilter deployment.  We want a
> > configuration where two Solaris based web servers will be setup in a primary
> > and secondary configuration.  Rather than load balancing between the two we
> > really want the secondary to act as a hot spare for the primary.  So we want
> > to use LVS which is, by definition, a load balancer as more of a manager for
> > HA for a different OS - Solaris.  Obviously the cost advantages of two Linux
> > boxes and LVS over commercial (Alteon, Extreme Switches, Veritas, etc.)
> > products make it worth the trouble.  We also want to use the LDs as Firewalls
> > for this project using netfilter.
> >
> > So, the question I have is this:
> > Is there any combination of schedules and/or weight (0 perhaps?) values that
> > will allow for configuration of the 2 real servers to be setup with one as a
> > primary and one as a secondary server in hot-spare capacity.  Basically we
> > only want the secondary real server to process requests if the primary is
> > removed by mon from the ipvsadm table.  Once mon detects that the primary is
> > providing the services we want mon to add it back to the ipvsadm table and
> > requests to the secondary real server to cease.
> >
> > Here is a quick diagram to help illustrate this question:
> >
> >                  Internet        LD1&LD2 - Linux 2.4 kernel
> >                      |           RS1&RS2 - Solaris
> >                   Router
> >                      |
> >               -------+-------
> >               |             |
> >             -----         -----
> >             |LD1|         |LD2|
> >             -----         -----
> >               |             |
> >               -------+-------
> >                      |
> >                    Switch
> >                      |
> >               ---------------
> >               |             |
> >             -----         -----
> >             |RS1|         |RS1|
> >             -----         -----
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
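The two symptoms in Mark's message (connection entries that never leave SYN_RECV with InActConn counting up, and ip_tables refusing to load with "Device or resource busy" on a box where ipchains is in use) are the classic LVS-NAT-on-Red-Hat-7.x checks, so here is a small diagnostic script for a director on a 2.4 kernel.  It is an added example written for this page, not code from the post, from ipvsadm or from keepalived.  It assumes the `ipvsadm -Lc` and `lsmod` output layouts shown in the constructed samples below; the hostnames, ports and module sizes are made up, and the `main` report reads the live ip_forward sysctl only if it exists.

```shell
#!/bin/sh
# Diagnostic helpers for an LVS-NAT director on a Linux 2.4 kernel.
# Example code added for this page; not from the post, ipvsadm or keepalived.
# Assumes the `ipvsadm -Lc` and `lsmod` column layouts shown in the constructed
# samples below.  Hostnames, ports and module sizes are illustrative only.

# Constructed sample modelled on the connection table quoted in the post.
IPVS_CONN_SAMPLE='IPVS connection entries
pro expire   state       source            virtual           destination
TCP 00:56.50 SYN_RECV    marklt:1631       xvfw:http         ws2:http
TCP 00:43.10 SYN_RECV    marklt:1632       xvfw:http         ws1:http
TCP 14:59.00 ESTABLISHED marklt:1633       xvfw:http         ws2:http'

# Constructed sample of `lsmod` on a director where the ipchains service is running.
LSMOD_SAMPLE='Module                  Size  Used by
ipchains               38976   0 (unused)
ip_vs                  56688   0 (unused)
eepro100               17680   1'

# count_state TABLE STATE -> number of connection entries in that state.
# Skips the two header lines; column 3 is the state.
count_state() {
    printf '%s\n' "$1" | awk -v st="$2" 'NR > 2 && $3 == st { n++ } END { print n + 0 }'
}

# stuck_real_servers TABLE -> real servers (column 6) that have SYN_RECV entries
# but no ESTABLISHED ones.  In LVS-NAT the director rewrites the destination and
# forwards the client's SYN; the entry only advances past SYN_RECV when the real
# server's SYN-ACK comes back *through the director* and is un-NATed there.  A
# server that only ever shows SYN_RECV is therefore usually one whose replies
# bypass the director (its default gateway is not the director's inside address)
# or a director with ip_forward off.  ActiveConn 0 / InActConn rising in
# `ipvsadm -L` is the same symptom.
stuck_real_servers() {
    printf '%s\n' "$1" | awk 'NR > 2 {
            if ($3 == "SYN_RECV")    syn[$6]++
            if ($3 == "ESTABLISHED") est[$6]++
        }
        END { for (d in syn) if (!(d in est)) print d }' | sort
}

# ipchains_loaded LSMOD_OUTPUT -> "yes" if the ipchains compatibility module is
# loaded.  On 2.4 kernels ipchains.o and ip_tables.o register the same netfilter
# hooks and cannot coexist: while ipchains is loaded, `insmod ip_tables` fails
# with "Device or resource busy", the error quoted in the post.  On Red Hat 7.1
# the fix is `service ipchains stop; chkconfig ipchains off; rmmod ipchains`
# before using iptables.
ipchains_loaded() {
    if printf '%s\n' "$1" | grep -q '^ipchains[[:space:]]'; then
        echo yes
    else
        echo no
    fi
}

# forwarding_enabled FILE -> "yes" if the sysctl file holds 1.  Pass
# /proc/sys/net/ipv4/ip_forward on a real director; LVS-NAT needs it set.
forwarding_enabled() {
    if [ "$(cat "$1" 2>/dev/null | tr -d '[:space:]')" = 1 ]; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone report against the constructed samples (live sysctl if present).
main() {
    echo "SYN_RECV entries:    $(count_state "$IPVS_CONN_SAMPLE" SYN_RECV)"
    echo "ESTABLISHED entries: $(count_state "$IPVS_CONN_SAMPLE" ESTABLISHED)"
    echo "real servers never completing the handshake:"
    stuck_real_servers "$IPVS_CONN_SAMPLE" | sed 's/^/  /'
    echo "ipchains loaded (blocks ip_tables): $(ipchains_loaded "$LSMOD_SAMPLE")"
    echo "ip_forward enabled: $(forwarding_enabled /proc/sys/net/ipv4/ip_forward)"
}

main
```

On a live director, feed the functions real output instead of the samples: `stuck_real_servers "$(ipvsadm -Lc)"` and `ipchains_loaded "$(lsmod)"`.  A real server that appears in the stuck list while the others establish fine points at that server's return route rather than at the director's ipvsadm table.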


