"Palmer J.D.F." wrote:
>
> Within seconds someone decided to try their online banking www.hsbc.co.uk.
> It seems that this site and undoubtedly many other secure sites don't like
> to see connections split across several IP addresses as happens with my
> cluster.
> Different parts of the pages are requested by different realservers, and
> hence different IP addresses.
how don't they like it? What do you see/not see?
> How do I combat this? Is this what persistence does or is there a way of
> making the realservers appear to all have the same IP address?
one of the first uses of LVS was for squids and some effort has been
put into making LVS work well with squids. Joe Cooper, an occassional
responder on this mailing list has put some effort into educating
us on the problems. The main problem interfacing
LVS with squids is that once you have a hit in a squid, you want other clients
to go to that squid for that hit. The squids can use ICP (?) to fetch
the hit from each other but that is too slow, and you don't want
the squids fetching from each other. Persistence was
used initially, but it's clumsy. Tomas Proell then developed a
scheduler, which always sent requests for the same url to the
same realserver (after the first fetch from http://www.foo.com,
any fetch to the same website, from the DOCROOT down, by
any client, will be sent to the same realserver).
There's some timeout value for this, on the assumption
that pages expire after some time.
Wensong was inspired by this to write the -dh sheduler.
So change -rr (or whatever you're running) to -dh.
Unlike a conventional LVS, infront of identical realservers,
with a squid, the individual squids all develope different content.
(This should be explained in more depth in the HOWTO.
Most of the people setting up squids seemed to have talked
to each other before they come to LVS and already know
what to do. I'll get around to updating the HOWTO when I get time).
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|