> Hrm... your issue here is that your realservers have to forward their
> return traffic to clients through the same director that fired it at
> them. The LVS sync daemon may or may not do what you want - it isn't
> real time (almost, but not quite) as in the interests of network
> throughput it aggregates connection states into a buffer and only
> sends a packet when the buffer is full. I'd have to read the code to see how
> many connections/packets/state changes that takes, but it would result
> in some unreliability if traffic returned through the "other" director
> from the realservers' point of view.
Understood.
> As an additional question - how are you configuring things on the
> client-facing side of the directors (i.e. how are you making the same
> IP active on both machines without having ARP clashes, or worse, no ARP
> at all)? Is your CEF balancing and forwarding to the hosts directly (i.e.
> routing) instead of forwarding to an IP? Have you done some MAC
> trickery, or some clever /32 routing?
Edge router A = 1.2.3.4
Edge router B = 1.2.3.5
DirA = 1.2.3.6
DirB = 1.2.3.7
Directors and the routers will run OSPF on the network.
Directors will announce a small subnet (1.2.4.1/28) via OSPF
Directors will have iptables rules matching ports on the subnets and
marking them (FWMARK)
Directors will load balance based on the FWMARKS
Directors will run keepalived to manage the ipvs table for the real servers.
Edge routers will see two equal cost routes via OSPF
1.2.4.1/28 via 1.2.3.6
1.2.4.1/28 via 1.2.3.6
Cisco per-flow load balancing will install both routes into the router
FIB and load balance inbound traffic to each director.
LVS-NAT won't work because of the requirement that returning traffic
has to pass through the correct director. LVS-DR would probably work
fine, the real servers could then send the return traffic directly
back to the routers.
-Matt
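As an added illustration, not part of the thread, here is a keepalived fragment that realizes the FWMARK plus LVS-DR design Matt describes (marking a port on the announced subnet with an iptables mangle rule, then balancing on the mark with lb_kind DR so real servers reply straight to the routers). The fwmark value 1, port 80, and the 192.0.2.x real-server addresses are constructed placeholders, not values from the thread.

```conf
# Director-side packet marking (assumed rule, run on both directors):
#   iptables -t mangle -A PREROUTING -d 1.2.4.0/28 -p tcp --dport 80 \
#            -j MARK --set-mark 1
# ipvs then keys the virtual service on the mark rather than on a VIP:port,
# so one rule covers the whole announced subnet.

virtual_server fwmark 1 {
    delay_loop 6            # seconds between health-check rounds
    lb_algo wlc             # weighted least-connection scheduling
    lb_kind DR              # direct routing: replies bypass the director,
                            # which is why the "correct director" problem
                            # with LVS-NAT does not apply here
    protocol TCP

    # Constructed real-server addresses (placeholders).
    real_server 192.0.2.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
        }
    }
    real_server 192.0.2.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
        }
    }
}

# DR caveat for the real servers: each must hold the VIP on a non-ARPing
# interface (e.g. loopback with arp_ignore/arp_announce set) so that only
# the directors answer ARP for the service addresses, and they must share an
# L2 segment with the directors, since DR rewrites only the destination MAC.
```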