
Re: Re[2]: LVS and a PPPoE/L2TP concentrator

To: Andre Docena Correa <andre.docena@xxxxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Re[2]: LVS and a PPPoE/L2TP concentrator
Cc: Alex Kramarov <alex@xxxxxxxxxxxxxxx>
From: Matthew Crocker <matthew@xxxxxxxxxxx>
Date: Tue, 22 Apr 2003 22:40:29 -0400

On Tuesday, April 22, 2003, at 04:44 PM, Andre Correa wrote:


Let me try to be more detailed in this post.

My concentrator is a Linux box, kernel 2.4.20. Its main function is to
act as a PPPoE server. The PPPoE daemon "listens" to PPPoE requests at
L2, makes its handshake with the client (LCP talk) and, if the user is
authenticated, it gets an IP address. The PPPoE handshake happens
without an IP address on the client side.

With the client authenticated and with an IP address, the concentrator
sets routing, iptables and traffic control rules to firewall, NAT and
traffic shape client's traffic.

L2TP would do something similar, but for now I'm more concerned about
PPPoE.


Hrmmmm..

LVS-DR works at layer 2 by rewriting the Ethernet MAC address of the packet. It doesn't touch the IP address. If you used iptables to mark packets based on layer 2 info (MAC address, ToS, protocol...) could LVS-DR be set up to load balance the traffic based on the fwmark? Does LVS-DR need the IP header info for connection tracking? Maybe we'll need a helper module to track the multiple packets for a PPPoE session.

PPPoE is also PPP so the session between the client and the server needs to be maintained for the life of the session. After the client gets assigned an IP address it wraps all outbound packets up in PPPoE packets and sends them to the server to be unwrapped (I think this is how it works). Many times the Ethernet is wrapped up in ATM for DSL access.

L2TP is Layer 2 (Ethernet, PPP) wrapped in a Layer 3 (IP) packet on the client and sent to the server where it is unwrapped. We use L2TP to pick up PPP sessions from client modems that are handled by remote terminal servers. Our customers dial into a Verizon modem pool which handles the modem connection. The PPP session from the customer computer is tunneled over IP over ATM using L2TP to our router. The PPP session is terminated at the router and it assigns an IP to the customer computer. The Verizon modem pool doesn't know, or care about what IP we assign the customer.

I think LVS-DR could be used for L2TP balancing with some creative use of iptables & fwmarking. For PPPoE I think you'll need a lot of effort because the IP header doesn't exist.




I'm sorry but I didn't follow your idea of the "heartbeat for
failover in an active-active config". My goal is to have multiple
concentrators acting as a single PPPoE server and as a single
firewall, NAT, QOS box. Everything in my setup is Linux, except the
clients...

In my point of view a solution that establishes some kind of
"session" based on the user's MAC address would be a great solution because
the client would use the same realserver during the whole PPPoE
session. But I don't know much about how LVS works... and that is why
I'm asking for help here. I think I need an "L2 load balancer"...
does such a thing exist on Linux? (he!)

tks in advance for the attention.

cheers.

Andre



On 22/04/03, Alex Kramarov wrote:
AK> Every piece of documentation I have read about L2TP suggests that packets
AK> involved in the l2tp connection cannot be modified in any way, so you cannot
AK> use LVS-NAT - maybe LVS-DR would work, but since pptp and l2tp involve
AK> several connections (udp, tcp, gre), it would be tough to balance the
AK> several streams of data of the same connection to the same server.

AK> Just a suggestion, but what do you gain by using 2 lvs directors to
AK> loadbalance 2 concentrators, that you wouldn't get by 2 concentrators
AK> running heartbeat for failover in an active-active config (unless the
AK> concentrators are not linux, but some os that can't run heartbeat)?

AK> ----- Original Message -----
AK> From: "Andre Correa" <andre.correa@xxxxxxxxx>
AK> To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
AK> Sent: Tuesday, April 22, 2003 9:42 PM
AK> Subject: LVS and a PPPoE/L2TP concentrator

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
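
Added example, not part of the original messages and not LVS code: the thread asks for PPPoE affinity keyed on the client MAC because no IP header exists during the handshake. This Python example parses the 6-byte PPPoE header (RFC 2516) and maps each client MAC to one concentrator with rendezvous hashing, so discovery and session frames from one client land on the same box. The concentrator names and the sample frames are constructed assumptions.

```python
import hashlib
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # PADI/PADO/PADR/PADS/PADT, no IP header yet
ETH_PPPOE_SESSION = 0x8864    # PPP payload once the session is up
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR",
         0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}

# Hypothetical concentrator names, constructed for this example.
CONCENTRATORS = ["bras-a", "bras-b", "bras-c"]


def parse_pppoe(frame: bytes):
    """Return (src_mac, stage, code_name, session_id), or None if not PPPoE."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in (ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION):
        return None
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or len(frame) < 20 + length:
        return None  # wrong version/type nibbles or truncated payload
    stage = "discovery" if ethertype == ETH_PPPOE_DISCOVERY else "session"
    return src.hex(":"), stage, CODES.get(code, hex(code)), session_id


def pick_concentrator(src_mac: str, pool=CONCENTRATORS) -> str:
    """Rendezvous (highest-random-weight) hash keyed on the client MAC."""
    def weight(name):
        return hashlib.sha256(f"{src_mac}|{name}".encode()).digest()
    return max(pool, key=weight)


def build_frame(src_mac, ethertype, code, session_id, payload=b""):
    """Build a sample frame (constructed test data, not captured traffic)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6,
                      bytes.fromhex(src_mac.replace(":", "")), ethertype)
    return eth + struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed client MAC
    padi = build_frame(mac, ETH_PPPOE_DISCOVERY, 0x09, 0)
    data = build_frame(mac, ETH_PPPOE_SESSION, 0x00, 0x1234,
                       b"\xc0\x21\x01\x01\x00\x04")  # PPP LCP Configure-Request
    for frame in (padi, data):
        info = parse_pppoe(frame)
        print(info, "->", pick_concentrator(info[0]))
```

Because the key is the source MAC rather than the session ID, the choice is already fixed at PADI time, before a session ID has been assigned.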

