Jake Buchholz wrote:
> On Fri, Sep 24, 1999 at 07:34:46PM +0800, Wensong Zhang wrote:
> > Virtual Server patch for Linux 2.2 - Version 0.9.0 - September 24, 1999
> > - Added new persistent service handling
> > For all the
> > persistent services except FTP, we create a masq template like
> > <daddr, 0, maddr, mport, saddr, sport>. So, the persistent services
> > won't disturb each other, and it fixes the wrong accounting bug for
> > different persistent services.
> > For passive
> > FTP, FTP server tells the clients the port that it passively listens
> > to, and the client issues the data connection. In the tunneling or
> > direct routing mode, the load balancer is on the client-to-server half
> > of connection, the port number is unknown to the load balancer. So, a
> > template masq like <daddr, 0, maddr, 0, saddr, 0> is created for
> > persistent FTP service.
> Now, if I read this right, it says that I could persistently redirect
> different services on one virtual IP to different servers -- as long as
> no passive FTP is involved.
> When passive FTP is involved on a virtual IP, however, ALL services on
> that IP are persistently linked to one server (based, of course, on
> source addr.) For example, I wouldn't be able to reroute :80 to a
> set of web-only servers, and reroute :20, :21, :<passive-ports> to FTP-
> only servers. Right?
> If this is indeed the case, would it be possible to circumvent this
> nature by providing some kind of "fallback" LVS entry? Something like:
> # reroute HTTP
> ipvsadm -A -t 10.0.0.1:80 -s rr
> ipvsadm -a -t 10.0.0.1:80 -r 192.168.0.66 -g
> ipvsadm -a -t 10.0.0.1:80 -r 192.168.0.130 -g
> # reroute HTTPS
> ipvsadm -A -t 10.0.0.1:443 -s rr -p
> ipvsadm -a -t 10.0.0.1:443 -r 192.168.0.66 -g
> ipvsadm -a -t 10.0.0.1:443 -r 192.168.0.130 -g
> # fallback (FTP, passive FTP, and everything else)
> ipvsadm -A -t 10.0.0.1:0 -s rr -p
> ipvsadm -a -t 10.0.0.1:0 -r 192.168.0.67 -g
> ipvsadm -a -t 10.0.0.1:0 -r 192.168.0.131 -g
No, don't need to do this. Just simple put the following commands for
FTP service (in the v0.9.x):
ipvsadm -A -t 10.0.0.1:21 -s rr -p
ipvsadm -a -t 10.0.0.1:21 -r 192.168.0.67 -g
ipvsadm -a -t 10.0.0.1:21 -r 192.168.0.131 -g
Yeah, it works for multiple persistent service on a virtual IP address.
> So that if a connection comes around that's specificially defined (like
> an HTTP or HTTPS connect), it works as it should. However, if a specific
> entry for that IP's port is NOT found, the fallback :0 entry would apply.
> Is this how things currently work? And if not, would it be possible or
> even desirable to do it this way?
> Jake Buchholz, ExecPC Sr. Systems Administrator : /~\
> jake@xxxxxxxxxx -- http://www.execpc.com/~jake : ASCII \ / Against
> Fngrpt PGP262: 29f3322af2da07994dc03fdf1f50aed2 : Ribbon X HTML
> GnuPG: 53d97ab3d279f731e7d2fc1197ca38544423882b : Campaign / \ Mail
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx