
Re: Virtual Server Quest

To: Peter Kese <peter.kese@xxxxxx>, linux-virtualserver@xxxxxxxxxxxx
Subject: Re: Virtual Server Quest
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Mon, 14 Dec 1998 20:46:00 +0800
At 22:01 98-12-13 +0100, Peter Kese wrote:
>Hello everyone!
>
>I am very interested in the Virtual Server stuff and am new to this
>mailing list (I am sort of new to linux as well (shame on me;-) ),
>therefore I would first like to welcome everyone.
>
>I have some questions to contribute to the FAQ list and will be very
>grateful for any answers.
>

Great!

>
>- First of all I have noticed there are two related projects: The
>"virtual server" and the "network address translation" project. Could
>you give me a hint, what is the main difference. Do I understand
>correctly that VS is more dynamic? What does NAT offer that VS doesn't?

They are different.

The load balancing feature of virtual server is now implemented in two
ways, virtual server via NAT and virtual server via IP tunneling. The
virtual server via NAT is a form of network address & port translation,
which is an extension of basic network address translation.

The other Linux IP NAT project has now implemented static NAT code,
which provides N-to-N static mapping from internal network addresses to
external network addresses, and vice versa.

However, the static NAT code is implemented on IP Masquerading, which is
network address & port translation. My vision is to merge the IP
masquerading, NAT and virtual server via NAT code together; maybe the code
will be reorganized to make it more efficient.

>
>- How do you detect the termination of a connection? Are there some sort
>of timeouts when the translation entries in the hash table expire? How
>long does the balancer wait? Are the timeouts a part of the Masquerading
>code?

Since it is implemented on IP Masquerading code, the IP Masquerading manages
the timeouts of the connection in the hash table.

>
>- There is a lot of talk about virtual server cluster having to work
>behind a firewall... Is it really necessary to set up a firewall? Is it
>necessary to have a dedicated IP subnet? Can a balancer only have one
>Ethernet adapter and coexist on the same subnet with the servers?
>Can the servers have normally assigned IP addresses instead of
>192.168...

The load balancer is a firewall. If the virtual server via NAT is used, the
default route of real server must be set as the load balancer, because the
load balancer needs to rewrite the reply packets. The real servers can use
private IP addresses.

If the virtual server via IP tunneling is used, the real servers must have
assigned IP addresses.

>
>- Why is IP Tunneling so much faster. Is it because the translation of
>outgoing packets (from virtual server to the net) is less complicated?
>In the incoming way, I would understand it is more work for the
>balancer to tunnel the packets than simply to change the packet
>headers?!

In the virtual server via IP tunneling, the reply packets of real servers
can bypass the load balancer, and go to the clients directly. The load
balancer just needs to encapsulate the request packets and redirect them to
the real servers, the overhead of handling is very low, so it can schedule
over 100 real servers and it won't be a bottleneck of the whole system. In
some systems, real servers need to access the internet to handle the client
requests, it is extremely good. For example, in a virtual proxy server,
real proxy servers can access the Internet directly to fetch objects, and
return it directly to the clients.

If the size of the request packet doesn't change while rewriting, (Note
that ip_masq_ftp and other modules may change the size of the packet.) the
tunneling will need an extra memory copy of the packet compared with rewriting
the packets, it will take around 20us extra to tunnel, (we may use tcpdump to
measure the delay of tunneling a packet). Supposing just a request packet
and a reply packet, the overhead of scheduling(encapsulating) and
decapsulating is 80us + 20us, and the overhead of rewriting a request
packet and a reply packet is 60us + 60us. Besides, I haven't added the
delay of transmitting the reply packet from the real server to the load
balancer, and usually there are many reply packets to a reply packet, so it
saves a lot of time.

>
>- Would it be possible to set up the weights in the balancer to forward
>the HTTP connections mainly to one server and the NNTP connections to
>another?
>

Sure, you can load balance the HTTP port and the NNTP port together in the
same load balancing box.

>
>Cheers,
>               Peter
>
>
>P.S. There are some minor problems with the web site. Some links
>contain the url 
>       http://proxy.iinchina.net/ZWS/ippfvs/...
>instead of
>       http://proxy.iinchina.net/~wensong/ippfvs/...
>and that makes it harder to download the kernel patches.

I am awfully sorry.

When I just split the original documents into pieces, FrontPage
automatically inserted the wrong link to the original files. I haven't
checked all the links. It has made trouble for all of you. Sorry!

Thank you for mentioning it to me. The links of news.html and software.html
have been corrected now.


