I haven't been taking a look at the threads in here for a while because I've
been busy, so I will apologize in advance if someone already mentioned this.
Just another persistence option that you may or may not have thought of...
LVS does support port-group sticky persistence.
That is, before FWMARK support was added to LVS, the only types of
persistence one could do were:
* One port persistence (all queries to 80 return to the same real server per
CIP)
* ALL port persistence (all queries to all ports return to the same RIP per
CIP)
But now that FWMARK support exists in LVS, it is easy to create group-based
sticky persistence. That is... It adds the option where:
* Only these two ports (443 and 80) return to the same RIP per CIP
* Meanwhile, another persistence table keeps track of 20, 21, and 1024:65535
* Any other port is not persistent
Just have ipchains keep track of flagging the incoming packets with the
correct port group identifier:
ipchains -A input -d VIPNET/VIPMASK PORT -p PROTOCOL -m FWMARK
And have IPVS stop looking at IPs and start looking at FWMARKs:
ipvsadm -A -f FWMARK
ipvsadm -a -f FWMARK -r RIP:0
And voila -- port-group sticky persistence, just like many of the other load
balancing solutions offer.
All the best --
Ted
----- Original Message -----
From: "Dan Browning" <danb@xxxxxxxxxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, October 06, 2000 12:48 AM
Subject: Persistence in LVS, and other projects?
> I know others have been burned for asking about layer-7 issues in LVS, when
> it's supposed to be layer-2 and 3 only. But I'll ask anyway.
>
> I've read "Persistence Handling in LVS" in the docs section. Basically it
> said that you can add sticky connections on a per-ip address basis. That's
> not bad, but if someone is using NAT or a proxy server to access the net
> (*ahem* 20 million AOL users), then wouldn't one end up with quite an
> imbalanced cluster since they would all be directed to the same Real Server?
>
> My application is interchange on linux, with Apache and mod_ssl. The SSL is
> what requires me to have correct client->real server connections.
>
> Here's my question: What is the best way to implement "sticky" connections
> (such as SSL) with free software? If none, I'll go ahead and buy that
> $35,000 load balancer from intel, or arrowpoint. Those expensive
> hardware-based load balancers look into the layer7 of the packet and load
> balance based on cookies. I'd like that functionality, except with free
> software. Is there such a thing?
>
> Thanks for your guys' time.
>
> Dan Browning
> Network & Database Administrator
> Cyclone Computer Systems
>
>
>
>
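
Added example (not part of the original message or of the LVS project): the two port groups described in the reply above, written out as a script. The VIP, real-server addresses, mark numbers and 600-second timeout are constructed sample values, and the -s rr, -p and -g ipvsadm options are standard flags that the post itself does not show; by default the script only prints the commands.

```shell
#!/bin/sh
# Port-group sticky persistence with fwmarks (ipchains + ipvsadm, 2.2 kernels).
# All addresses, mark numbers and timeouts below are constructed sample values.

RUN=${RUN-echo}                      # default: print commands; RUN= (empty) runs them as root
VIP=${VIP-192.0.2.10}                # virtual IP (sample)
RIPS=${RIPS-"10.0.0.11 10.0.0.12"}   # real servers (sample)

# mark_ports MARK PORT...
# Tag TCP packets sent to the VIP on each port (or lo:hi range) with MARK.
mark_ports() {
    mark=$1; shift
    for port in "$@"; do
        $RUN ipchains -A input -p tcp -d "$VIP/32" "$port" -m "$mark"
    done
}

# fwmark_service MARK TIMEOUT
# One virtual service keyed on MARK instead of IP:port. -p makes it persistent,
# so every port carrying this mark shares one client-to-real-server binding.
fwmark_service() {
    $RUN ipvsadm -A -f "$1" -s rr -p "$2"
    for rip in $RIPS; do
        $RUN ipvsadm -a -f "$1" -r "$rip:0" -g
    done
}

setup() {
    # Group 1: HTTP and HTTPS from one client land on the same real server.
    mark_ports 1 80 443
    fwmark_service 1 600
    # Group 2: FTP data/control plus the high ports, tracked in a separate table.
    mark_ports 2 20 21 1024:65535
    fwmark_service 2 600
}

setup
```

Ports that receive no mark match neither virtual service, so these rules do not make them persistent.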