Re: [Keepalived-devel] Consolidated config file

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Keepalived-devel] Consolidated config file
From: Matthew Crocker <matthew@xxxxxxxxxxx>
Date: 29 Jan 2003 12:13:19 -0500

On Wed, 2003-01-29 at 11:41, Jacob Coby wrote:
> > What is the feasibility of running a daemon on the director and a
> > service on the real servers.  The real servers would announce the
> > services that they are willing to accept.  The daemon would control the
> > monitoring of the services and building the LVS tables to route the
> > services to the real servers.  The real servers would monitor their load
> > and can add/drop services depending on some local factors.  This would
> > allow the real servers to handle some more intelligent monitoring and
> > simplify the monitoring aspects of keepalived.
> What exactly would you be able to do that keepalived can't do now?

Couple things off the top of my head.

A server knows its current state better than any other system.  A daemon
running on a server can be checking CPU load, disk, network I/O, service
availability, logs etc. and can tell the director if/when it wants more
traffic.  Setting up different weights for different services/servers is
nice but it isn't dynamic.

Having the server announce its availability is great because when I want
to take a service up and down for testing I currently have to go into
the director, modify the keepalived.conf file, reload it.  Then I need
to get into the real server and play with the services.  If I could
just get into the real server and tell the daemon to stop accepting mail
traffic until I'm done it would be easier.

Making it completely dynamic would allow me to build stuff on the fly.
The real servers could have IPs distributed via DHCP, netbooting etc.

The current way keepalived works is pretty good, I use it and I don't
find myself modifying the config all that often.  I would like an easier
way of disabling a service from the LVS as I test out new features.

If I manually delete the LVS entry or set its weight to 0, then shut
down the service, make changes and restart it, keepalived will see the
service go away and when it is restarted it will add it to the LVS table
again.  This is not what I want.  I want to be able to disable the
service until I say it is ok to re-enable it.  Currently the only way
to do that is to edit the keepalived.conf file and reload it.  I really
should do it on both master and backup directors.  As I'm cycling
through my 4 mail servers it becomes tedious to get into the 2
directors, disable, restart ....

If I could tell a local daemon on each server to stop the service it
would save some time and confusion.

> In this situation, you could announce to the director 'hey, i'm getting
> killed here, bring up more servers to handle this service, if you got them!'
> Which is basically what the wrr and wlc stuff does.  You can give your two
> primary mail servers a [much] higher priority than the webservers.  Only
> when the load gets high does the webserver start to take over.

Yeah but the real server has the best picture of its actual load, more
than just # of connections.

> Don't get me wrong, I'm not trying to say that you have a bad idea.  In
> fact, on the surface, I like it.  But after thinking about it a bit,
> everything you want to be able to do is doable /now/ with the tools
> available, it just works in reverse of what you propose.  I'm personally in
> favor of having the director as an authoritative source for what goes where
> instead of an announce/opt-in system.

Yeah, the security would have to be pretty clean to make sure servers
don't start announcing stuff you don't want.

> ----- Side note:
> I would personally like to see the effort put into consolidating the various
> pieces (lvs, keepalived, heartbeat, etc) into one product like piranha that
> could be administered over the web and with an easy to use ncurses interface
> for those paranoid souls.
> Something that makes the process of setting up this stuff very very easy and
> that could be embedded into a dedicated server like a google box or some of
> the expensive load balancing solutions.
> Maybe even going as far as adapting (ie, stripping) a stable distro and
> making ISOs.  I wouldn't mind donating the limited time I have available to
> making something like this come to fruition.
> Hell, I'd lead the project :-)

I like this idea.  You'll have to handle the iptables, tc stuff as
well.  With my config I use iptables to fwmark packets going to a Class
C on ports 80 & 443.  I then have some ip policies to handle the marked
packets as local.  I have LVS handle the marked packets to my web
servers.  The Class C is not configured on any interfaces in my
director.  I am also planning on using tc to apply QoS to the number of SYN
packets my mail server can receive from the Internet over a period of
time to help limit SPAM from using up all my inbound mail connections
(100 per machine, 400 for the director total).

I'll help test ;)


> -- 
> Matthew S. Crocker
> Crocker Communications, Inc.  / Vice President
> PO BOX 710
> Greenfield, MA 01302-0710
> Voice: 413-746-2760
> Fax: 413-746-3704
> Web:
> E-mail: matthew@xxxxxxxxxxx
> GPG Public Key:
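
The concern raised in this message, that an announce/opt-in design needs clean security so real servers cannot announce services the operator does not want, illustrated as an added sketch (not keepalived code and not part of the original message). It shows a hypothetical director-side check that accepts an announcement only if it carries a valid per-server HMAC, is fresh and not replayed, and names a service on that server's allowlist; the message format, key table and all names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data: per-server keys and the services the director
# permits each real server to announce (all names are hypothetical).
KEYS = {"mail1": b"k-mail1-constructed", "web1": b"k-web1-constructed"}
ALLOWED = {"mail1": {"smtp"}, "web1": {"http", "https"}}
MAX_SKEW = 30      # seconds an announcement stays fresh
MAX_WEIGHT = 100   # director-side ceiling on any requested weight
_seen = set()      # (server, nonce) pairs already accepted


def _canonical(msg):
    # Stable byte encoding so both sides MAC exactly the same bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign(msg, key):
    """Real-server side: HMAC-SHA256 over the canonical JSON encoding."""
    return hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()


def verify(msg, mac, now):
    """Director side: return (accepted, reason_or_table_entry)."""
    key = KEYS.get(msg.get("server"))
    if key is None:
        return False, "unknown server"
    # Authenticate before trusting any other field; constant-time compare.
    if not hmac.compare_digest(sign(msg, key), mac):
        return False, "bad mac"
    if abs(now - msg["ts"]) > MAX_SKEW:
        return False, "stale"
    if (msg["server"], msg["nonce"]) in _seen:
        return False, "replay"
    # The director stays authoritative: a valid key is not enough, the
    # service must also be one this server is allowed to offer.
    if msg["service"] not in ALLOWED[msg["server"]]:
        return False, "service not permitted"
    _seen.add((msg["server"], msg["nonce"]))
    if msg["action"] == "drain":
        weight = 0  # "stop sending me traffic until I say otherwise"
    else:
        weight = min(int(msg.get("weight", 1)), MAX_WEIGHT)
    return True, (msg["server"], msg["service"], weight)
```

A `drain` announcement maps to weight 0, which matches the "disable until I say it is ok" behaviour asked for above, while the allowlist keeps the director as the final authority on which services a server may offer.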
