I'm looking for some advice on setting up an LVS system. We have a new site
we're installing that will carry multiple TCP-based services (ftp, http,
https, and homegrown stuff). I'm trying to sell my management on a dual
LVS system instead of a Cisco LD setup. I'm pretty fluent in a few Un*x's
and the RedHat Linux dist. and can handle shell and PERL programming. I've
been through the slides and the HOWTO. I just would like a sanity check
about what I'm about to suggest.

I'm recommending VS-NAT. The reason is that the LVS system will have to
front end Tru64 Unix, WinNT 4.0 and 2000, and possibly Linux Realservers
running both standard and non-standard services. Although the system could
end up frontending 30-40 systems, aggregate bandwidth would be limited by no
more than a T3 pipe to the Internet. I'm suggesting this run on 2
pIII/256meg boxes with 3 network adapters. One for the client access, one
for the Realserver access, and a non-routed command and control LAN. I
would like to use the RH 6.1 Dist, since I'm more familiar with that. From
my readings, I'd be using mon to check service availability on the
Realservers, which in turn alters the LVS rules. I'd use Heartbeat/fake
over a serial cable to provide for failover of the VS-NAT boxes.

Questions:

1. I may need to test for a non-text based TCP service running on a
Realserver, which has no client for Linux. Can mon pull this off? SMAP?
2. Would a connection limit of 2^16 be unreasonable, given the memory? If I
read correctly, each connection is 128 bytes, but are there other walls I'll
hit? Is this (500mhz PIII) enough horsepower?
3. Am I being too paranoid in putting the Realservers on a private LAN? The
primary extra cost is in having more ports on the switch. The benefits are
added security and hardening, plus no one can accidentally set up a route
back to the client that is independent of the LVS.
4. Am I seriously into the "bleeding edge"?

Thanks for letting me ramble, and any wisdom you can provide will be greatly
appreciated. This is an extremely cool project.

Jim Feldman

Bonus question. Since the VS-Tun setup only talks Linux to Linux, could you
use the remote Linux box as a remote frontend to other boxes? The parallel
would be Cisco's Remote Director.

                 tun via I'net
LVS/VS-Tun===============Realserver (acting as a router)--------NT
                                                          |
                                                          ---Tru64

Both the NT and Tru64 boxes have routes to clients