Re: Announcing: IPVS v0.9.0

To: Wensong Zhang <wensong@xxxxxxxxxxxx>
Subject: Re: Announcing: IPVS v0.9.0
Cc: LVS Mailinglist <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Jake Buchholz <jake@xxxxxxxxxx>
Date: Mon, 27 Sep 1999 16:56:01 -0500
On Fri, Sep 24, 1999 at 07:34:46PM +0800, Wensong Zhang wrote:
> Virtual Server patch for Linux 2.2 - Version 0.9.0 - September 24, 1999
> -   Added new persistent service handling
>     For all the
>     persistent services except FTP, we create a masq template like
>     <daddr, 0, maddr, mport, saddr, sport>. So, the persistent services 
>     won't disturb each other, and it fixes the wrong accounting bug for
>     different persistent services.
>     For passive
>     FTP, FTP server tells the clients the port that it passively listens 
>     to,  and the client issues the data connection. In the tunneling or 
>     direct routing mode, the load balancer is on the client-to-server half 
>     of connection, the port number is unknown to the load balancer. So, a 
>     template masq like <daddr, 0, maddr, 0, saddr, 0> is created for 
>     persistent FTP service.

Now, if I read this right, it says that I could persistently redirect
different services on one virtual IP to different servers -- as long as
no passive FTP is involved.

When passive FTP is involved on a virtual IP, however, ALL services on
that IP are persistently linked to one server (based, of course, on
source addr.)  For example, I wouldn't be able to reroute :80 to a
set of web-only servers, and reroute :20, :21, :<passive-ports> to FTP-
only servers.  Right?

If this is indeed the case, would it be possible to circumvent this
nature by providing some kind of "fallback" LVS entry?  Something like:

        # reroute HTTP
        ipvsadm -A -t -s rr
        ipvsadm -a -t -r -g
        ipvsadm -a -t -r -g
        # reroute HTTPS
        ipvsadm -A -t -s rr -p
        ipvsadm -a -t -r -g
        ipvsadm -a -t -r -g
        # fallback (FTP, passive FTP, and everything else)
        ipvsadm -A -t -s rr -p
        ipvsadm -a -t -r -g
        ipvsadm -a -t -r -g

So that if a connection comes around that's specificially defined (like
an HTTP or HTTPS connect), it works as it should. However, if a specific
entry for that IP's port is NOT found, the fallback :0 entry would apply.

Is this how things currently work?  And if not, would it be possible or
even desirable to do it this way?

Jake Buchholz, ExecPC Sr. Systems Administrator :           /~\
jake@xxxxxxxxxx --  :    ASCII  \ /  Against
Fngrpt PGP262: 29f3322af2da07994dc03fdf1f50aed2 :   Ribbon   X   HTML
GnuPG: 53d97ab3d279f731e7d2fc1197ca38544423882b : Campaign  / \  Mail

---------------------------------------------------------------------- mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>