
Re: Announcing: IPVS v0.9.0

To: Wensong Zhang <wensong@xxxxxxxxxxxx>
Subject: Re: Announcing: IPVS v0.9.0
Cc: LVS Mailinglist <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Jake Buchholz <jake@xxxxxxxxxx>
Date: Mon, 27 Sep 1999 16:56:01 -0500

On Fri, Sep 24, 1999 at 07:34:46PM +0800, Wensong Zhang wrote:
> Virtual Server patch for Linux 2.2 - Version 0.9.0 - September 24, 1999
[...]
> -   Added new persistent service handling
[...]
>     For all the
>     persistent services except FTP, we create a masq template like
>     <daddr, 0, maddr, mport, saddr, sport>. So, the persistent services 
>     won't disturb each other, and it fixes the wrong accounting bug for
>     different persistent services.
[...]
>     For passive
>     FTP, FTP server tells the clients the port that it passively listens 
>     to,  and the client issues the data connection. In the tunneling or 
>     direct routing mode, the load balancer is on the client-to-server half 
>     of connection, the port number is unknown to the load balancer. So, a 
>     template masq like <daddr, 0, maddr, 0, saddr, 0> is created for 
>     persistent FTP service.

Now, if I read this right, it says that I could persistently redirect
different services on one virtual IP to different servers -- as long as
no passive FTP is involved.

When passive FTP is involved on a virtual IP, however, ALL services on
that IP are persistently linked to one server (based, of course, on
source addr.)  For example, I wouldn't be able to reroute :80 to a
set of web-only servers, and reroute :20, :21, :<passive-ports> to FTP-
only servers.  Right?

If this is indeed the case, would it be possible to circumvent this
nature by providing some kind of "fallback" LVS entry?  Something like:

        # reroute HTTP
        ipvsadm -A -t 10.0.0.1:80 -s rr
        ipvsadm -a -t 10.0.0.1:80 -r 192.168.0.66 -g
        ipvsadm -a -t 10.0.0.1:80 -r 192.168.0.130 -g
        # reroute HTTPS
        ipvsadm -A -t 10.0.0.1:443 -s rr -p
        ipvsadm -a -t 10.0.0.1:443 -r 192.168.0.66 -g
        ipvsadm -a -t 10.0.0.1:443 -r 192.168.0.130 -g
        # fallback (FTP, passive FTP, and everything else)
        ipvsadm -A -t 10.0.0.1:0 -s rr -p
        ipvsadm -a -t 10.0.0.1:0 -r 192.168.0.67 -g
        ipvsadm -a -t 10.0.0.1:0 -r 192.168.0.131 -g

So that if a connection comes around that's specifically defined (like
an HTTP or HTTPS connect), it works as it should. However, if a specific
entry for that IP's port is NOT found, the fallback :0 entry would apply.

Is this how things currently work?  And if not, would it be possible or
even desirable to do it this way?

-- 
Jake Buchholz, ExecPC Sr. Systems Administrator :           /~\
jake@xxxxxxxxxx -- http://www.execpc.com/~jake  :    ASCII  \ /  Against
Fngrpt PGP262: 29f3322af2da07994dc03fdf1f50aed2 :   Ribbon   X   HTML
GnuPG: 53d97ab3d279f731e7d2fc1197ca38544423882b : Campaign  / \  Mail
