Re: Routing path between real servers in different LVS clusters.

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Routing path between real servers in different LVS clusters.
From: Horms <horms@xxxxxxxxxxxx>
Date: Fri, 14 Mar 2003 19:57:14 +0900

On Thu, Mar 13, 2003 at 08:35:20AM -0800, pb wrote:
> Hello all,
> 
> I have a question on how LVS does routing,
> specifically in a situation that I describe below.
> 
> We have two clusters (A) and (B) below:
> 
> (A)
>         EMAIL-LVS
>          /     \
>  EMAIL-REAL1  EMAIL-REAL2
> 
> (B)
>             LDAP-LVS
>           /     |    \
> LDAP-REAL1 LDAP-REAL2 LDAP-REAL3
> 
> 
> All SMTP (sendmail) requests to EMAIL-LVS do an LDAP
> AUTHENTICATION to LDAP-LVS.   There are two
> possible routing paths, and I need to know
> which one LVS actually does....
> 
> INITIAL ROUTING GOES LIKE THIS:
> 
> PC==>EMAIL-LVS==>EMAIL-REAL1==>LDAP-LVS==>LDAP-REAL1
> 
> 
> BUT ONCE THE ABOVE ROUTING OCCURS, ONE OF TWO THINGS
> COULD HAPPEN:
> 
> (1)
>        LDAP-REAL1 establishes a direct connection
>        with EMAIL-REAL1 the ldap authentication 
>        traffic passed direct between them
>        like this  LDAP1-REAL1<==>EMAIL-REAL1

There isn't really a way to achieve this and still
have the connections load balanced.

> (2) 
>        LDAP-REAL1 needs to talk to EMAIL-REAL1 
>        but traffic flow must go back out 
>        LDAP-LVS, and then back into EMAIL-LVS,
>        and back to EMAIL-REAL1. And vice-versa
>        for reverse communication.

Yes, this is the case.

I would suggest using direct routing if you are concerned about
traffic overhead.

> 
> I think that the initial routing is (2) but then once
> EMAIL-REAL1 and LDAP-REAL1 establish a session, they
> talk directly like routing shown in (1).  
> 
> MY QUESTIONS:
> 
> (Q1) Please tell me if I am correct in my routing
>      assumptions (1) and (2). If not please explain.

(2) is correct, (1) is not.

> (Q2) Is there a way to make LVS do routing method (2) 
>      only (by addition of iptables/ipvsadm statements 
>      please give some examples of how-to).

Just set up a virtual service for LDAP and have
the real servers connect to this virtual service. 
As I mentioned above Direct Routing may be 
of interest to you. I am assuming that all
of these servers are on the same subnet, if
so you will probably need to turn off sending
of ICMP redirects on the Linux Director, or ignore
them on the real servers.

> (Q3) Explain the benefits or pitfalls of (1) and 
>      (2), ie. which is better? why? and why do
>       the major l.b. companies apparently do (2)
>      by default?  

(2) will load balance your traffic. (1) can be
achieved by basically inducing the ARP problem or
not filtering ICMP redirects when using Direct Routing,
but won't really load balance your traffic.

-- 
Horms
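
The following is an added example, not part of the message above and not code from the LVS project. It sketches the suggested setup as a dry-run plan for an LDAP virtual service using direct routing, plus a check for interfaces on the director that would still send ICMP redirects. The function names, the documentation-range addresses, port 389 and the `wlc` scheduler are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range);
# function names are hypothetical.

# Print (do not apply) the ipvsadm commands for an LDAP virtual service
# whose real servers are reached by direct routing (-g).
# Usage: ldap_vs_plan VIP RIP [RIP...]
ldap_vs_plan() {
    vip=$1; shift
    echo "ipvsadm -A -t ${vip}:389 -s wlc"    # scheduler is an assumption
    for rip in "$@"; do
        echo "ipvsadm -a -t ${vip}:389 -r ${rip}:389 -g"
    done
}

# List interfaces on which the kernel would still send ICMP redirects.
# Linux enables sending when EITHER conf/all/send_redirects OR
# conf/<iface>/send_redirects is non-zero, so clearing only one of the
# two leaves redirects on.
# $1: conf directory (defaults to the live /proc tree).
redirect_senders() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    # A missing file is treated as "enabled", which is the kernel default.
    all=$(cat "$conf/all/send_redirects" 2>/dev/null || echo 1)
    for d in "$conf"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        own=$(cat "$d/send_redirects" 2>/dev/null || echo 1)
        if [ "$all" != 0 ] || [ "$own" != 0 ]; then
            echo "$iface"
        fi
    done
}
```

Run on the director, `redirect_senders` with no argument reads the live `/proc` tree; an empty result means no interface will send redirects to the real servers.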