Hello,
we plan to implement a system for traffic handling
with LVS. Our target is a scalable system.
Our question is:
Is it possible with LVS to implement something like the
following or has somebody already done something similar?
(the redundancy issue has been omitted for readability)
e.g.       Internet
               |
      +------------------+
      |   Edge Router    |
      +------------------+
               |
               |
      +------------------+
      | Load Balancer A  |----------???------------+
      +------------------+                         |
       |                |                          |
+--------------+ +--------------+       +---------------------+
| Traffic node | | Traffic node |--???--| Management system   |
+--------------+ +--------------+       +---------------------+
       |                |                          |
      +------------------+                         |
      | Load Balancer B  |----------???------------+
      +------------------+
               |
               |
         insecure Path
       |                |
       |                |
       |                |
+--------------+ +--------------+
|many Gateways | |many Gateways |
| IPSec term.  | | IPSec term.  |
+--------------+ +--------------+
       |                |
+--------------+ +--------------+
| many Clients | | many Clients |
+--------------+ +--------------+
Between a Client and a "traffic node" there may be
a tunnelled connection as well as "normal" traffic.
The traffic node(s) will do NAT, IPSec with the
gateways and have some traffic shaping functionality.
It must be possible to establish the connection (either
tunnelled or not) from both sides (client or router side).
All traffic to a given client must take the path through
the same traffic node for a session. The session lifetime
may range up to many hours/days.
And, there will probably be more than 2 Traffic Nodes ;-).
Our (main ;-)) questions are:
- Is it possible for the LVS director to pre-inform
the second LVS Director about the Path the packets
from a given network or IP address have to take? This
would mean that each LVS Director has to act as an
"enslaved" director for the connections which are
first handled by the other LVS director.
- The Traffic nodes must be informed by the Management
system what to do with a given connection. Is there any
way that the director informs an external node about
the traffic path for a given "connection" so that the
management station can inform the affected traffic node
about what to do?
- Is it possible to predefine the traffic path in
the LVS director for IP packets sourced from or destined
to a given network from outside? In the "drawing"
this would be done by the management system (see ???-Path).
- (as an idea for all three questions) is it possible
to split the function of the director across two nodes:
one director node acts inside the traffic path,
the other part (let's say an administration node) handles
the scheduling for both director nodes in the traffic path?
- As all connections through this cluster have to be
persistent (in terms of LVS) with infinite lifetime
(from the LVS point of view, the sessions are closed by
an external system), this has to be handled externally
by the management station. Are there any experiences of
how many persistent connections can be configured per second?
And how much table space in memory is needed for one
persistent connection?
Special points of interest besides this are:
- Are there any IPSec cluster implementations with LVS (for
load-balancing, not failover)?
- What is an upper limit for a *reasonable* number of cluster nodes? /
is the number only limited by the capacity of the Load-balancer?
Sorry for the mass of questions, I know that the intention for
developing LVS was something different. But I didn't find any other
starting point for our deliberations.
Thanks in advance for any hint,
Axel
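The following is an added example, not part of Axel's post and not code from the LVS project. It sketches how a management host could drive one director for the setup asked about, using only standard ipvsadm/iptables features: a firewall-mark (fwmark) virtual service so that IKE, ESP and AH from one peer are scheduled as a single service, the persistence timeout (-p) together with the persistent netmask (-M) so that a whole client network stays on one traffic node, a per-network fwmark service with exactly one real server to predefine a path from outside, and the ipvsadm connection-sync daemon so that a second director learns the bindings of the first. The addresses 192.0.2.10, 10.0.0.x and 198.51.100.0/24, the marks 1 and 2, the interface eth1, the two-day timeout and the wlc scheduler are all assumptions for illustration. The script only prints the commands; nothing is applied to the running kernel.

```shell
#!/bin/sh
# Added example, not from the original post or the LVS project. It prints the
# iptables/ipvsadm commands a management host could push to a director.
# Every address, mark, timeout and interface below is an assumed placeholder.

VIP=192.0.2.10              # assumed virtual address that clients/gateways hit
SYNC_IF=eth1                # assumed interface shared by the two directors

# Mark IKE (UDP/500), ESP and AH towards one VIP with one fwmark, so the three
# protocols belonging to an IPsec peer are scheduled as a single service.
ipsec_mark_rules() {
    vip=$1; mark=$2
    printf 'iptables -t mangle -A PREROUTING -d %s -p udp --dport 500 -j MARK --set-mark %s\n' "$vip" "$mark"
    printf 'iptables -t mangle -A PREROUTING -d %s -p esp -j MARK --set-mark %s\n' "$vip" "$mark"
    printf 'iptables -t mangle -A PREROUTING -d %s -p ah -j MARK --set-mark %s\n' "$vip" "$mark"
}

# Persistent fwmark service: -p is the persistence timeout in seconds (the
# template is kept alive while its connections exist), -M groups every client
# in the same network onto one real server. The real servers are the traffic
# nodes, added with NAT forwarding (-m) and equal weight.
ipvs_persistent_service() {
    mark=$1; timeout=$2; netmask=$3; shift 3
    printf 'ipvsadm -A -f %s -s wlc -p %s -M %s\n' "$mark" "$timeout" "$netmask"
    for rip in "$@"; do
        printf 'ipvsadm -a -f %s -r %s -m -w 1\n' "$mark" "$rip"
    done
}

# Predefined path for one source network: give that network its own fwmark
# (a later MARK rule overrides an earlier one) and a service with exactly one
# real server, so the scheduler has no choice to make.
pin_network() {
    net=$1; mark=$2; rip=$3
    printf 'iptables -t mangle -A PREROUTING -s %s -j MARK --set-mark %s\n' "$net" "$mark"
    printf 'ipvsadm -A -f %s -s rr\n' "$mark"
    printf 'ipvsadm -a -f %s -r %s -m -w 1\n' "$mark" "$rip"
}

# Connection synchronisation: the master director multicasts its connection
# entries, the backup installs them, so the other director already knows
# which traffic node a client is bound to. Role is "master" or "backup".
sync_daemon() {
    role=$1; iface=$2
    printf 'ipvsadm --start-daemon %s --mcast-interface %s --syncid 1\n' "$role" "$iface"
}

# Emit a complete configuration for one director (assumed three traffic nodes,
# persistence of 2 days = 172800 s, clients grouped per /24).
director_config() {
    ipsec_mark_rules "$VIP" 1
    ipvs_persistent_service 1 172800 255.255.255.0 10.0.0.1 10.0.0.2 10.0.0.3
    pin_network 198.51.100.0/24 2 10.0.0.2
    sync_daemon master "$SYNC_IF"
}

director_config
```

Run it on the management host and pipe the output to the director (for example over ssh) once the placeholders are replaced. Two checks worth making before relying on this: whether the ip_vs version on the director synchronises persistence templates as well as plain connections (inspect `ipvsadm -Lcn` on the backup after a client has connected through the master), and how large the connection hash table is, which is the `conn_tab_bits` parameter of the ip_vs module and should be raised for many long-lived entries.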