LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Réf. : Re: Réf. : Re: keepalived (was Re: News contrib toLVS)

To: Alexandre CASSEN <alexandre.cassen@xxxxxxxxxxxxxx>
Subject: Re: Réf. : Re: Réf. : Re: keepalived (was Re: News contrib toLVS)
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: ratz <ratz@xxxxxx>
Date: Wed, 03 Jan 2001 14:16:05 +0100
Alexandre CASSEN wrote:
> 
> Re,
> 
>     Arrowpoint propose nice functionnalities. To sum up quickly, it use
>     specialized ASICS to perform NAT translation. I am using CS50.

Are there any RISC processors involved? The Alteon load balancer ACE
director2 f.e. has 2 extra RISCs to process the NAT code and some other
unusable stuff.
 
>     It is great for Firewall loadbalancing. You can create a topology with
>     2 firewall, each firewall have one NIC connected on each Arrowpoint.
>     Then you define commutation circuits to ensure a persistence connection
>     for a specified flow.

Does this mean that is one link fails the other one automagically takes 
precendence over the failed link and the connections are not lost?
 
>     For simple web loadbalancing, or other tcp services, they had
>     implemented in a old framework a "sticky-group" notion. They have
>     removed this
>     from their framework because it was too buggy. This functionnality can
>     be a good addon to LVS :) => It mean that :

It's already there IMHO, maybe a little bit with a tricky setup.
 
>     - You define your services (HTTP, SSL, FTP, ...)
>     - You define a sticky-group for HTTP & SSL
> 
>     => So when a user connection start on one server for HTTP, this
>     "sticky-group" notion give a persistent transition : when the user
>     switch from the web app to secure SSL mode, he is sticked to the same
>     server. It could be really nice if you are using server sessions var !
>     (like websphere for example).

Two possibilities to solve this ``problem'' with LVS:
1. Use port 0 in your setup. (adv.: easy to set up and easy understand)
2. Use fwmark and group them together. (adv.: finer port granularity possible)

Example (1):
------------
ipvsadm -A -t 192.168.1.100:0 -s wlc -p 333 -M 255.255.255.255
ipvsadm -a -t 192.168.1.100:0 -r 192.168.1.1 -g -w 1
ipvsadm -a -t 192.168.1.100:0 -r 192.168.1.2 -g -w 1

Example (2):
------------
ipchains -A input -j ACCEPT -p tcp -d 192.168.1.100/32 80 -m 1 -l
ipchains -A input -j ACCEPT -p tcp -d 192.168.1.100/32 443 -m 1 -l
ipvsadm -A -f 1 -s wlc -p 333 -M 255.255.255.255
ipvsadm -a -f 1 -r 192.168.1.1 -g -w 1
ipvsadm -a -f 1 -r 192.168.1.2 -g -w 1

have phun,
Roberto Nibali, ratz
-- 
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`


<Prev in Thread] Current Thread [Next in Thread>
  • Re: Réf. : Re: Réf. : Re: keepalived (was Re: News contrib toLVS), ratz <=