         +------------------------------------------------WAN---------+
                             +----------------------------WAN--------+|
                                                 +--------LAN-------+||
         v                   v                   v                  |||
+-----------------+ +-----------------+ +-----------------+ +-----------------+
| W2K, Building 1 | | W2K, Building 2 | | W2K, Building 3 | | LVS, Building 3 |
| VIP 192.168.3.9 | | VIP 192.168.3.9 | | VIP 192.168.3.9 | | VIP 192.168.3.9 |
| IP 192.168.1.1  | | IP 192.168.2.1  | | IP 192.168.3.3  | | IP 192.168.3.4  |
| VPN 192.168.3.1 | | VPN 192.168.3.2 | |                 | | FreeSwan Server |
+-----------------+ +-----------------+ +-----------------+ +-----------------+
         |                   |                   |                   ^
         |                   |                   |                   |
       Reply               Reply               Reply              Request
         |                   |                   |                   |
         |                   |                   |                   |
         |                   |                   |          +-----------------+
         |                   |                   +--------->| Windows95/NT/2K |
         |                   +----------------------------->| Client PC       |
         +------------------------------------------------->| IP 192.168.4.1  |
                                                            +-----------------+

Client sends request to 192.168.3.9. LVS load balances connection request
using DirectRoute to one of Win2000 real servers. Two of Win2000 servers are
on remote locations and one is on same physical subnet as LVS. Above picture
is heavily simplified compared to our real environment.

Building fault tolerant LVS machine with VPN might cause some headache, but
are there any other reasons why it wouldn't work? Setting Win2000<->FreeSwan
VPN is a bit clumsy, but well documented. Also DirectRoute works on Win2000
MS-Loopback adapter without playing with ROUTE command since you can just
configure loopback using higher metric than any other interface. Also
default route must be real IP instead of VPN tunnel.

This approach will cause some extra traffic when client PC is located on
buildings one or two since packets travel thru WAN to building three first
instead of going to nearest server. However since WAN is already redundant
and amount of traffic between client and server is minimal I don't think
it's that bad. I'm planning to load balance Win2000 servers running in
Terminal Server mode and would like to add servers on remote buildings to
same farm as the servers in main building. If installation like this is
possible I guess it could be used to do load balancing of other services in
different environments as well.

Another task would be adding minimal httpd to Win2000 servers that serves
text files that list active and disconnected WTS sessions as well as
running processes, amount of free memory and CPU. Then LVS box could finger
Win2000 servers every 3 minutes and calculate new weights for WLC balancing.

BTW. WTS is same as NT4 with TSE. It's like Citrix Win/Metaframe multiuser
addon for Windows but crippled.

Am I crazy? Should I drop LVS and simply go pure Microsoft WLBS? I've read
that paper on LVS website explaining WLBS pros and cons. Company is not
willing to buy additional extraordinary expensive Citrix licenses since MS
licenses are a lot cheaper due to our present agreements with MS.

--
Johan.Ronkainen@xxxxxx
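
Added example, not part of the original post: one way the LVS box could turn the polled status text into WLC weights and ipvsadm arguments. The key=value status format, the tuning constants, the half-weighting of disconnected sessions and TCP port 3389 are assumptions; the status text is parsed strictly because it arrives over the network and ends up in a command line.

```python
import re

VIP, PORT = "192.168.3.9", 3389   # VIP from the diagram; 3389 (RDP) is an assumption
MAX_WEIGHT = 100                  # hypothetical tuning values, not from the post
MAX_SESSIONS = 40
MEM_FULL_MB = 256
REQUIRED = ("active_sessions", "disconnected_sessions", "free_mem_mb", "cpu_pct")

# Constructed sample status bodies, keyed by the real-server IPs in the diagram.
# The key=value format is an assumption; the post does not define one.
SAMPLE_STATUS = {
    "192.168.1.1": "active_sessions=12\ndisconnected_sessions=3\nfree_mem_mb=128\ncpu_pct=50\n",
    "192.168.2.1": "active_sessions=30\ndisconnected_sessions=4\nfree_mem_mb=200\ncpu_pct=20\n",
    "192.168.3.3": "active_sessions=5\ncpu_pct=abc\n",   # malformed and incomplete
}

def parse_status(text):
    """Return the required fields as ints, or None if any is missing or malformed."""
    fields = {}
    for line in text.splitlines():
        # Accept only name=digits; anything else on the line is ignored.
        m = re.fullmatch(r"(\w+)=(\d{1,6})", line.strip(), re.ASCII)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields if all(k in fields for k in REQUIRED) else None

def weight(status):
    """Scale MAX_WEIGHT by the scarcest resource; unusable status gives 0."""
    if status is None:
        return 0   # weight 0 quiesces the server: no new connections are scheduled
    cpu = (100 - status["cpu_pct"]) / 100
    mem = min(status["free_mem_mb"] / MEM_FULL_MB, 1.0)
    # Assumed weighting: a disconnected session counts as half an active one.
    sessions = status["active_sessions"] + 0.5 * status["disconnected_sessions"]
    ses = 1 - sessions / MAX_SESSIONS
    return max(0, min(MAX_WEIGHT, round(MAX_WEIGHT * min(cpu, mem, ses))))

def ipvsadm_args(rip, w):
    """argv list (no shell) that edits one real server's weight, direct routing (-g)."""
    return ["ipvsadm", "-e", "-t", f"{VIP}:{PORT}", "-r", f"{rip}:{PORT}", "-g", "-w", str(w)]

def plan(statuses):
    """One ipvsadm argv per real server, in address order."""
    return [ipvsadm_args(rip, weight(parse_status(body)))
            for rip, body in sorted(statuses.items())]

if __name__ == "__main__":
    for argv in plan(SAMPLE_STATUS):
        print(" ".join(argv))
```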