Hi,
<caveat>
This is not my area, other people (eg Ratz) work in this area all day.
</caveat>
<retention>
Not anymore, I left the application layer and went to the low level part for the
next year ;)
</retention>
I've sat on https sites for more than 30 mins of inactivity. Also I've
had the modem line drop on me in the middle of filling in forms on
badly written websites (eg registering a domain name)
Invite them to read the persistence writeup in the LVS Howto.
- when I come back, I have a new IP. I expect
anyone who wants to do internet business to handle these problems seamlessly.
Exactly and most of the time you've got non-technical stakeholders or managers
in the back that will rip your head off if that happens.
Persistence only gets you so far here, since memory requirements
limit you to the number of connections maintained.
Yes, memory and timeout constraints combined in a linear fashion.
Ratz's idea (in the HOWTO) is to redesign your application. He can do that.
Not everyone can. He maintains state data on the servers with a database.
Everyone can, and the OP (like already posted) can work with Tomcat's internal
state replication module to do that. But read it from my lips: It's bloody slow
last time I tested it (1 year ago) and tends to have nasty locking issues.
Alternately, in php3 you could write the URL that the client moves to
on the next click so that it contains the state information (functions
the same as cookies). If you can't rewrite the application, then you'll
risk losing some customers and I would say that LVS is not for you.
Well, he could still use L7 LVS (I'm sure it would give Wensong another lab rat
for testing the biest ;).
Also setting persistence to 1 seems to affect the result for much more
than 1 second, what exactly does this do?
Don't know. You will have to wait for the TCP timeouts which are of the order
of 2mins in Linux (look at the connections with `netstat -an`)
If you go below the fixed TCP state timeout (IIRC 300s) there's nothing LVS can
do and I'm glad about that.
All of this is, of course, ignoring the DoS problems.
This is difficult for everybody. With persistence it's just worse.
DoS problems are not to be solved on the LVS box.
Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc