
Re: [Linux-ha-dev] monitoring services via ipip tunnel?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Linux-ha-dev] monitoring services via ipip tunnel?
Cc: jason sydes <jason@xxxxxxxxxxxx>
From: sage weil <sage@xxxxxxxxxxxx>
Date: Fri, 27 Sep 2002 16:09:23 -0700 (PDT)

On Thu, 26 Sep 2002, Horms wrote:
> I am not entirely sure that I understand your setup. Your suggested
> hack to ldirectord sounds like it would work, but also sounds like
> it may lead to some headaches down the road - obscure hacks can
> be difficult to maintain.

My (proposed) setup is no different than a standard TUN or DR type LVS
setup.  The only constraint is that I'd (ideally) like to have the daemons
on the realservers only bind to a single ip/port, which makes monitoring
on the realserver's main ip (RIP, whatever) not an option.

Our configuration/provisioning system does have a mechanism to make our
apaches (or whatever) bind to multiple IPs, so I could take that route,
but it seems to me like this issue would be something that a lot of people
would run into when setting up large LVS clusters with lots of services on
them (multiple web servers on different ips, eg multiple https sites,
etc.).  So, creating a way for ldirectord to monitor the service on the
_same_ ip/port that it'll be redirecting traffic to (the VIP) seems ideal
anyway (and probably a "good thing" too).

The trick is just encapsulating ldirectord's connect/query checks in an
IPIP packet destined for the realserver in question, without munging up
normal LVS operation or routing.  And it seems like using "source routing"
(or whatever you want to call it.. the routing policy mechanism I think it
is?) to do this is the way to go, since you can encapsulate only traffic
from the localhost (director DIP, presumably) to the RIP you're checking.

Has anybody else tried this?  Does this sound like a worthwhile extension
to ldirectord?  Is anybody interested in pursuing something like this?

I'm ready to try it out (I'm pretty sure I can make it work), my only
problem is that I'm not very familiar with the "new" ip routing tools
(iproute2 or whatever) and how to easily/reliably set up the temporary
routing rules/policies for the check (and remove them when I'm done).
Perhaps somebody on this list might be able to give me a hand with that!
:)

Regards--
sage



> On Wed, Sep 25, 2002 at 04:37:55PM -0700, sage weil wrote:
> > Hi all,
> >
> > I'm setting up an LVS cluster using ldirectord and am running into
> > problems monitoring the realservers.  The services on our machines are
> > configured to bind to a single IP address (the VIP), and for ease of
> > management and scalability we'd like to be able to keep things that way.
> > Unfortunately that means that ldirectord thinks the service is down when
> > it tries to connect to port whatever on the RIP.
> >
> > My question is this:  is it possible to monitor the service on the
> > realserver using the VIP via the ipip tunnel?
> >
> > I think this should be possible by creating a source route from the DIP to
> > the VIP via an IPIP tunnel to the RIP (using the new ip routing tools).
> > ldirectord's monitoring functions could be modified to
> >
> >  - add the route to a particular RIP, something like
> >      ip rule add from DIP to VIP table realserver1
> >      ip route add VIP via RIP dev tunl0:123 table realserver1     (???)
> >  - do normal check
> >  - remove route
> >
> > and repeat for each realserver it's monitoring.  Since there's normally no
> > IP traffic originating from the director to the VIP this shouldn't affect
> > anything else on the system...
> >
> > Has anybody tried anything like this?  Would this work?
>
>
> --
> Horms