
Re: Help with ldirector setup

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Help with ldirector setup
From: Horms <horms@xxxxxxxxxxxx>
Date: Thu, 29 Mar 2001 14:40:54 -0800

On Thu, Mar 29, 2001 at 12:20:51PM -0700, Ian Courtney wrote:
> I've been using ipvsadm and heartbeat for quite a while now with great
> success. They are both really great programs. I've been using some small
> perl scripts to do some of the failover without much luck. So I've
> started looking into ldirectord, but am having some issues incorporating
> it into my environment.
> 
> I understand how to load the files for ldirector and how to get it to
> start from heartbeat, but the documentation on ldirectord is a little
> sparse, so I'm here to ask a few questions. Basically I need help
> incorporating the script below into ldirectord. 
> 
> First of all, my current config looks like so:
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ipchains -F
> ipvsadm -C
> 
> #firewall packet marking
> ipchains -A input -s 0.0.0.0/0 -d 207.228.79.0/25 -m 1
> ipchains -A input -s 0.0.0.0/0 -d 207.148.155.0/24 -m 1
> ipchains -A input -s 0.0.0.0/0 -d 207.148.151.0/24 -m 1
> ipchains -A input -s 0.0.0.0/0 -d 207.148.181.0/24 -m 1
> 
> #virtual server stuff
> #cgi1/cgi2 web balancing for ~ homedirs
> ipvsadm -A -t 207.228.64.34:80 -s wlc
> ipvsadm -a -t 207.228.64.34:80 -r 207.228.64.35:80 -g -w 1
> ipvsadm -a -t 207.228.64.34:80 -r 207.228.64.109:80 -g -w 1
> 
> #forums.cadvision.com
> ipvsadm -A -t 207.228.64.104:80 -s wlc
> ipvsadm -a -t 207.228.64.104:80 -r 207.228.64.35:80 -g -w 1
> ipvsadm -a -t 207.228.64.104:80 -r 207.228.64.109:80 -g -w 1
> 
> #secure ssl
> ipvsadm -A -t 207.228.64.34:443 -s wlc -p 1800
> ipvsadm -a -t 207.228.64.34:443 -r 207.228.64.35:443 -g -w 1
> ipvsadm -a -t 207.228.64.34:443 -r 207.228.64.109:443 -g -w 1
> 
> #ftp balancing
> ipvsadm -A -t 207.228.64.34:21 -s wrr -p 600
> ipvsadm -a -t 207.228.64.34:21 -r 207.228.64.35:21 -g -w 1
> ipvsadm -a -t 207.228.64.34:21 -r 207.228.64.109:21 -g -w 1
> 
> #telnet and ssh
> ipvsadm -A -t 207.228.64.34:22 -s wrr
> ipvsadm -a -t 207.228.64.34:22 -r 207.228.64.35:22 -g -w 1
> ipvsadm -a -t 207.228.64.34:22 -r 207.228.64.109:22 -g -w 1
> ipvsadm -A -t 207.228.64.34:23 -s wrr
> ipvsadm -a -t 207.228.64.34:23 -r 207.228.64.35:23 -g -w 1
> ipvsadm -a -t 207.228.64.34:23 -r 207.228.64.109:23 -g -w 1
> 
> #virtual hosts
> ipvsadm -A -f 1 -s wlc
> ipvsadm -a -f 1 -r 207.228.64.35 -g
> ipvsadm -a -f 1 -r 207.228.64.109 -g
> 
> 
> Now, I've made one ldirector cf file(called www.cf) as follows:
> # The /etc/ha.d/www.cf for ldirectord
> #
> 
> # the number of seconds until a real server is declared dead
> timeout = 10
> 
> # the number of seconds between server checks
> checkinterval = 10
> 
> virtual = 207.228.64.34:80
>      protocol = tcp
>      scheduler = wlc
>      real = 207.228.64.35:80 gate 1
>      real = 207.228.64.109:80 gate 1
>      request = "/.testpage"
>      receive = "test page"
> 
> virtual = 207.228.64.104:80
>      protocol = tcp
>      scheduler = wlc
>      real = 207.228.64.35:80 gate 1
>      real = 207.228.64.109:80 gate 1
>      request = "/.testpage"
>      receive = "test page"
> 
> So the above www.cf file covers the two main ips, but none of the class
> C's, which isn't terribly important, since if the two main ips are
> unreachable, the rest of the Class C's most likely aren't either, but
> what builds the rules for ipvsadm? Do I still need to run the first
> script I have at the top of this email? If so, how does ldirectord know
> how to remove and add the servers in and out?
> 
> Another question is about the firewall mark and how to incorporate it
> into a cf file for ldirector?
> 
> And is there any documentation on the /etc/ha.d/ldirectord.cf, or is
> that the equivalent of the www.cf file I've posted above?
> 
> Thanks in advance for any help :)

Please take a look at 

http://ultramonkey.org/ultramonkey-1.0.2beta0/topologies/example-ha-lb-4-fwmark.html

Basically, you should run your ipchains rules to mark incoming packets
at boot time. There is no harm in having these rules in place at all times.
Then add a fwmark virtual to your ldirectord.cf.

virtual = 1
     protocol = tcp
     scheduler = wlc
     real = 207.228.64.35:0 gate 1
     real = 207.228.64.109:0 gate 1
     request = "/.testpage"
     receive = "test page"

For more documentation on ldirectord look at:
  man ldirectord or perldoc ldirectord
  The example .cf files found both with the ldirectord distribution
  and at http://ultramonkey.org/ in the topologies section.

-- 
Horms
 horms@xxxxxxxxxxxx 
 http://vergenet.net/~horms/
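
An added illustration, not part of the original mail and not ldirectord's own code: a small translator that turns ldirectord-style `virtual` stanzas into the `ipvsadm` commands they correspond to, which is a quick way to audit what a cf file will expose, including the fwmark virtual suggested above. The function names are hypothetical, the sample config is constructed from the stanza in the reply plus one TCP stanza, and dropping the real-server port for fwmark services follows the form used in the quoted script.

```python
import re

# Constructed sample: the fwmark stanza from the reply plus one persistent TCP stanza.
SAMPLE_CF = """\
virtual = 1
     protocol = tcp
     scheduler = wlc
     real = 207.228.64.35:0 gate 1
     real = 207.228.64.109:0 gate 1
     request = "/.testpage"
     receive = "test page"
virtual = 207.228.64.34:443
     scheduler = wlc
     persistent = 1800
     real = 207.228.64.35:443 gate 1
"""

FORWARD = {"gate": "-g", "masq": "-m", "ipip": "-i"}  # ipvsadm forwarding flags

def parse_cf(text):
    """Parse ldirectord-style text into a list of virtual-service dicts."""
    virtuals = []
    for raw in text.splitlines():
        m = re.match(r"(\s*)(\w+)\s*=\s*(.+?)\s*$", raw)
        if not m:  # blank lines and '#' comments do not match
            continue
        indent, key, value = m.groups()
        if key == "virtual" and not indent:
            virtuals.append({"virtual": value, "real": []})
        elif indent and virtuals and key == "real":
            virtuals[-1]["real"].append(value.split())
        elif indent and virtuals:
            virtuals[-1][key] = value.strip('"')
    return virtuals

def to_ipvsadm(virtuals):
    """Emit the ipvsadm commands equivalent to each parsed stanza."""
    cmds = []
    for v in virtuals:
        fwmark = v["virtual"].isdigit()  # a bare integer names a firewall mark
        proto = "-f" if fwmark else "-u" if v.get("protocol") == "udp" else "-t"
        svc = f"{proto} {v['virtual']}"
        persist = f" -p {v['persistent']}" if "persistent" in v else ""
        cmds.append(f"ipvsadm -A {svc} -s {v['scheduler']}{persist}")
        for addr, method, *weight in v["real"]:
            host = addr.rsplit(":", 1)[0] if fwmark else addr  # no port with fwmark
            cmds.append(f"ipvsadm -a {svc} -r {host} {FORWARD[method]} -w {weight[0] if weight else 1}")
    return cmds
```

Calling `to_ipvsadm(parse_cf(SAMPLE_CF))` returns the command lines as strings; nothing is executed.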

