|
I have now the persistency netmask feature up and it seems to work fine,
all sender networks are going closed to 1 RIP, load share on all RIP's is
nearly
equal, aol users are still complainig and somehow i've the impression
that aol has different netmasks on their proxies, i found a
list under http://webmaster.info.aol.com/proxyinfo.html and used
this info for marks,
imade this iptables list:
iptables -t mangle -A PREROUTING -p tcp -s 64.12.0.0/16 -d $VIP/32 --dport
80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 153.163.0.0/16 -d $VIP/32
--dport 80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 195.93.0.0/16 -d $VIP/32 --dport
80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 198.81.0.0/16 -d $VIP/32 --dport
80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 198.81.16.0/21 -d $VIP/32
--dport 80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 198.81.26.0/26 -d $VIP/32
--dport 80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 202.67.0.0/16 -d $VIP/32 --dport
80 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -s 205.188.0.0/16 -d $VIP/32
--dport 80 -j MARK --set-mark 3
and for the ipvsadm:
ipvsadm -A -f 3 -s rr -p 3600 -M 255.255.255.0
ipvsadm -a -f 3 -r $RIP1 -g -w 100
of course their is no balancing anymore for the above nets, we do have
fortunality not
that much aol people so i think i leave this for now or anybody has
altenativ ideas ?
thx
Matthias
-----Ursprüngliche Nachricht-----
Von: Lars Marowsky-Bree [mailto:lmb@xxxxxxx]
Gesendet: Donnerstag, 30. Januar 2003 13:54
An: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Betreff: Re: Trouble whiile balancing www requests from aol users
On 2003-01-30T12:25:04,
Matthias Krauss <MKrauss@xxxxxxxxxxxxxx> said:
> Hello List,
> finaly i turned on our lvs on our entire plattform and it didnt took
> long till the phone rings by aol people, they are switching between
> their own proxys with the result that the targed web will be different
> but we need it persitant.
>
> Did anybody of you dealed with this issue ?
Well, this is a generic problem. The persistency netmask feature might help
you, in exchange for lower granularity of the load balancing, but it
shouldn't matter on a larger scale; however, all AOL users will then likely
hit the same webserver. Oh, well.
It just goes on to show that IP addresses are unsuitable to identify a
single user ;-) Real fix would be to use layer7 switching based on the URL
or a cookie, even; alternatively, you could make your application less
dependent on persistence, for example by storing your session data in a
global cache/db, which would also make it easier for you to preserve
sessions when a single webserver fails.
Sincerely,
Lars Marowsky-Brée <lmb@xxxxxxx>
--
Principal Squirrel
SuSE Labs - Research & Development, SuSE Linux AG
"If anything can go wrong, it will." "Chance favors the prepared (mind)."
-- Capt. Edward A. Murphy -- Louis Pasteur
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send
requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|
