
Re: Using LVS to replace Netscaler Load Balancer

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Using LVS to replace Netscaler Load Balancer
From: "Bill Omer" <bill.omer@xxxxxxxxx>
Date: Tue, 16 Jan 2007 19:47:31 -0500
Netscalers actually change the DEST of packets coming in.  It will
redirect traffic to the real server and all further connections will
go straight to the real.

In my configuration on an extremely large network, I'm using LVS to
load balance web and app servers.  The reals have default routes to
actual routers, not the DIP.  The LVS servers use LVS-DR to send
traffic to the reals.  Packets will come in to the VIP, which will
route them (without changing the DEST) to the real, and the real will
reply to the client.

To do this, you will need some iptables magic in order for the real
server to accept traffic with a DEST of the VIP.  Since the VIP is not
assigned to the real server, by default it would drop the packet.

Using this method along with heartbeat is by far more beneficial (both
technically and financially speaking) to our operation compared to
Netscalers.  It's been in production now for about 6 months with
hundreds of thousands of connections being handled on a global scale
and the LVS presence is drastically increasing this year.

Hope this helps.

-Bill


On 1/16/07, Philip M <disordr@xxxxxxxxx> wrote:
Dear LVS-Users,

I work at a fairly large company with a somewhat complex network that uses
Netscaler server load balancers.
I'm just a Linux monkey, but I'm evaluating using LVS as a replacement for
the expensive Netscalers.
I have set up a basic test LVS-DR and LVS-NAT network and it's working fine.
(thanks for all the excellent documentation!)

This is my problem:

The network is set up in such a way, that the RIP's default gateways all
point to a router (not the netscaler load balancer).
After talking with some colleagues, I've come to realize that the
Netscaler's NAT implementation is doing something different.
They are essentially proxying the TCP connection, rewriting both the
Destination and the Source before sending the packet
off to the RIP. The RIP's reply goes through the default gateway (some
random router) back to the Netscaler, which replies to the CIP.
I've been going over the documentation and the mailing lists and am a bit
unclear if I can use LVS to do this.

One post regarding "ipvs and source nat" talks about the brownfield patch
and lvs_nat_problems.
Will these solve my problem? I'm not an iptables expert, but I plan on
testing this out and seeing if I can get it all to work.

Details of my DIP:
Linux 2.6.18 kernel
$ipvsadm -v   --> ipvsadm v1.24 2005/12/10 (compiled with getopt_long and IPVS v1.2.1)
(does this include the brownfield patch natively that Horms was working on?)

Any advice or additional pointers you have would be well received.

Thank you for your time,

Philip
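
One common form of the real-server rule that Bill's reply alludes to, together with the matching director commands, as an added example that is not part of the thread and not necessarily Bill's configuration. It assumes a nat-table REDIRECT rule scoped to the VIP; the addresses, ports, wlc scheduler and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed samples.

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Real server: accept packets still addressed to the VIP, scoped to one
# address and the listed TCP ports so nothing else is pulled in.
real_server_rules() {
    vip=$1; shift
    valid_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -d $vip/32 -p tcp --dport $port -j REDIRECT --to-ports $port"
    done
}

# Director: one virtual service, real servers added in direct-routing mode (-g).
director_rules() {
    vip=$1 port=$2; shift 2
    valid_ipv4 "$vip" && valid_port "$port" || { echo "bad VIP or port" >&2; return 1; }
    echo "ipvsadm -A -t $vip:$port -s wlc"
    for rip in "$@"; do
        valid_ipv4 "$rip" || { echo "bad RIP: $rip" >&2; return 1; }
        echo "ipvsadm -a -t $vip:$port -r $rip:$port -g"
    done
}

# Dry run: print the commands for review; pipe to "sh -e" as root to apply.
director_rules 192.0.2.10 80 10.0.0.11 10.0.0.12
real_server_rules 192.0.2.10 80 443
```

After applying, the packet counters in `iptables -t nat -L PREROUTING -n -v` on the real server show whether VIP-addressed traffic is matching the rule.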