Hi,

Since there are many messages about the passive FTP problem and the sticky
connection problem, I'd better send a separate message to make it clear.

In LinuxDirector (by default), we have assumed that each network
connection is independent of every other connection, so that each
connection can be assigned to a server independently of any past,
present or future assignments.

However, there are times when two connections from the same client must
be assigned to the same server, either for functional or for performance
reasons.

FTP is an example of a functional requirement for connection affinity.
The client establishes two connections to the server: one is a control
connection (port 21) to exchange command information, the other is a
data connection (usually port 20) that transfers bulk data. For active
FTP, the client informs the server of the port that it listens on, and the
data connection is initiated by the server from the server's port 20 to the
client's port. LinuxDirector could examine the packets coming from
clients for the port that the client listens on, and create an entry in the
hash table for the coming data connection. But for passive FTP, the
server tells the client the port that it listens on, and the client
initiates the data connection by connecting to that port. For
VS-Tunneling and VS-DRouting, LinuxDirector is only on the
client-to-server half of the connection, so it is impossible for
LinuxDirector to get the port from the packet that goes to the client
directly.

SSL (Secure Socket Layer) is an example of a protocol that has
connection affinity between a given client and a particular server.
When an SSL connection is made (port 443 for secure Web servers and port
465 for secure mail servers), a key for the connection must be chosen and
exchanged. Later connections from the same client are granted by the
server within the life span of the SSL key.

Our current solution to client affinity is to add persistent client
connection (PCC) scheduling in LinuxDirector. In PCC scheduling, when a
client first accesses the service, LinuxDirector will create a connection
template between the given client and the selected server, then create an
entry for the connection in the hash table. The template expires after a
configurable time, and the template won't expire while it still has
connections. Connections for any port from the client will be sent to
the same server until the template expires. Although PCC scheduling may
cause slight load imbalance among servers, it is a good solution to
connection affinity.

The configuration example of PCC scheduling is as follows:

ipvsadm -A -t <VIP>:0 -s pcc
ipvsadm -a -t <VIP>:0 -R <your server>
...

BTW, PCC should not be considered a scheduling algorithm in concept.
It should be a feature of the virtual service port: the port is persistent
or not. I will write some code later to let the user specify whether a
port is persistent or not.

Thanks,
Wensong
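
The template behaviour described in the message, as an added user-space sketch in C that is not LinuxDirector's own code: a client's first connection picks a server, every later connection from that client to any port (a passive FTP data port, 443) follows it, and an idle template is dropped after a timeout. The names, the round-robin choice for new clients, the 300-second timeout, the fixed-size table and restarting the timer when the last connection closes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_TEMPLATES 64
#define NUM_SERVERS   3      /* constructed: three real servers */
#define TIMEOUT       300    /* constructed: template lifetime, seconds */

static struct pcc_template {
    uint32_t client;   /* client IP is the whole key; the port is ignored */
    int server;        /* real server chosen on first contact */
    long expires;      /* an idle template is dead from this time on */
    int conns;         /* live connections; while > 0 the template is pinned */
    int used;
} table[MAX_TEMPLATES];
static int next_server;    /* round-robin cursor (assumed scheduler) */

static struct pcc_template *lookup(uint32_t client)
{
    for (int i = 0; i < MAX_TEMPLATES; i++)
        if (table[i].used && table[i].client == client)
            return &table[i];
    return NULL;
}

/* New connection from client to any port at time now: server index, or -1. */
int pcc_schedule(uint32_t client, uint16_t port, long now)
{
    struct pcc_template *t = lookup(client);
    (void)port;    /* affinity is per client, not per client:port */
    if (!t)
        for (int i = 0; i < MAX_TEMPLATES && !t; i++)
            if (!table[i].used) t = &table[i];
    if (!t) return -1;    /* table full */
    if (!t->used || (t->conns == 0 && now >= t->expires)) {
        *t = (struct pcc_template){ .client = client, .server = next_server, .used = 1 };
        next_server = (next_server + 1) % NUM_SERVERS;
    }
    t->conns++;
    t->expires = now + TIMEOUT;
    return t->server;
}

/* A connection from client ended at time now. */
void pcc_close(uint32_t client, long now)
{
    struct pcc_template *t = lookup(client);
    if (t && t->conns > 0 && --t->conns == 0)
        t->expires = now + TIMEOUT;    /* assumed: timer restarts when idle */
}
```

Because the key is the client address alone, many users behind one NAT or proxy address all land on one real server, which is the load imbalance the message mentions.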