Re: Performance issues with LVS-NAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Performance issues with LVS-NAT
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 10 Feb 2005 15:14:31 +0000 (GMT)

On Thu, 10 Feb 2005, Joseph Mack wrote:
> It took a while for someone to figure out the current solution. 
> I guess we're going to have to wait till someone, with enough need,
> figures out another scheme.

...enough need, that'd be me then. Damn.

Jacob's solution is good, as long as (has been mentioned already) the clients
are capable of utilising iptables. In one specific scenario I am currently
running, there's a mix of Windows and Linux realservers, which renders the use
of Jacob's solution at least partially problematic.

Thinking out loud for a moment...

A logical extension of the /etc/hosts idea, if you're running a large cluster
environment for (say) a web farm, and you already know (because of the vhosts
definitions) what the DNS names are which your vhosts are using... why not 
set up a local DNS "spoofer" server which takes those A records and reports 
them to the clients as 127.0.0.1?

If a request from a realserver is made via an SSI or CGI, or PHP or ASP script 
byname(), setting the resolver for the realservers to point to an 
"authoritative" server for the domains involved would serve a useful function 
without having to bother either the realservers themselves or the directors. A 
catch of this approach, of course, is where the DNS is "offboard" from your 
systems, or where customers (because, I guess, most of these implementations 
have them in some form or other!) may use things like wildcard A records. And, 
of course, it could potentially screw up MX lookups easily - but then if you 
smarthosted all the mail off to an SMTP relay inside your cluster which 
doesn't use the "spoofer" DNS server, it would then know where to look 
immediately.

Additionally I suppose for a large platform, the overhead of managing such a 
DNS system might preclude its use, but it seems a fairly clean way to achieve 
the desired results to me.

I'm going to spend some time looking into using a mix of iptables and policy 
routing, though, because that strikes me as the "cleanest" way.

Thanks for making me think about this, chaps. I'd overlooked the necessity.

Graeme
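
The vhost-derived override list described in the message above, as an added example that is not part of the original post. It assumes Apache-style `ServerName`/`ServerAlias` directives, constructed sample names and hosts-format output; it emits loopback address records for exact names only and sets wildcard aliases aside, since they cannot be listed by name.

```python
"""Added example: derive loopback A-record overrides from vhost definitions."""
import re

# Constructed sample vhost configuration (Apache-style syntax is an assumption).
SAMPLE_VHOSTS = """
<VirtualHost *:80>
    ServerName www.example.com:80
    ServerAlias example.com WWW.Example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName shop.example.net
    # wildcard alias: cannot be enumerated as an exact record
    ServerAlias *.shop.example.net
</VirtualHost>
"""

# Only directive lines are matched; comment lines start with '#' and are skipped.
DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.I)


def vhost_names(conf_text):
    """Return (exact_names, wildcard_names) found in the vhost definitions."""
    exact, wildcard = set(), set()
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if not match:
            continue
        for token in match.group(2).split():
            name = re.sub(r"^[a-z]+://", "", token.lower())  # optional scheme
            name = name.split(":", 1)[0].rstrip(".")           # optional port
            if not name:
                continue
            (wildcard if "*" in name or "?" in name else exact).add(name)
    return sorted(exact), sorted(wildcard)


def loopback_records(names, address="127.0.0.1"):
    """Hosts-format lines answering each vhost name with the loopback address."""
    return [f"{address}\t{name}" for name in names]


if __name__ == "__main__":
    exact, wildcard = vhost_names(SAMPLE_VHOSTS)
    print("\n".join(loopback_records(exact)))
    for name in wildcard:
        print(f"# not overridden (wildcard, needs manual handling): {name}")
```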