On Tuesday, April 22, 2003, at 04:44 PM, Andre Correa wrote:
Let me try to be more detailed in this post.
My concentrator is a Linux box, kernel 2.4.20. Its main function is to
act as a PPPoE server. The PPPoE daemon "listens" to PPPoE requests at
L2, makes its handshake with the client (LCP talk) and, if the user is
authenticated, it gets an IP address. The PPPoE handshake happens
without an IP address on the client side.
With the client authenticated and with an IP address, the concentrator
sets routing, iptables and traffic control rules to firewall, NAT and
traffic shape client's traffic.
L2TP would do something similar, but for now I'm more concerned about
PPPoE.
Hrmmmm..
LVS-DR works at layer 2 by rewriting the Ethernet MAC address of the
packet. It doesn't touch the IP address. If you used iptables to mark
packets based on layer 2 info (MAC address, ToS, protocol...) could
LVS-DR be set up to load balance the traffic based on the fwmark? Does
LVS-DR need the IP header info for connection tracking? Maybe we'll
need a helper module to track the multiple packets for a PPPoE session.
PPPoE is also PPP so the session between the client and the server
needs to be maintained for the life of the session. After the client
gets assigned an IP address it wraps all outbound packets up in PPPoE
packets and sends them to the server to be unwrapped (I think this is
how it works). Many times the Ethernet is wrapped up in ATM for DSL
access.
L2TP is Layer 2 (Ethernet, PPP) wrapped in a Layer 3 (IP) packet on the
client and sent to the server where it is unwrapped. We use L2TP to
pick up PPP sessions from client modems that are handled by remote
terminal servers. Our customers dial into a Verizon modem pool which
handles the modem connection. The PPP session from the customer
computer is tunneled over IP over ATM using L2TP to our router. The
PPP session is terminated at the router and it assigns an IP to the
customer computer. The Verizon modem pool doesn't know, or care about
what IP we assign the customer.
I think LVS-DR could be used for L2TP balancing with some creative use
of iptables & fwmarking. For PPPoE I think you'll need a lot of
effort because the IP header doesn't exist.
I'm sorry but I didn't follow your idea of the "heartbeat for
failover in an active-active config". My goal is to have multiple
concentrators acting as a single PPPoE server and as a single
firewall, NAT, QOS box. Everything in my setup is Linux, except the
clients...
In my point of view a solution that establishes some kind of
"session" based on the user's MAC address would be a great solution because
the client would use the same realserver during the whole PPPoE
session. But I don't know much about how LVS works... and that is why
I'm asking for help here. I think I need an "L2 load balancer"...
does such a thing exist on Linux? (he!)
tks in advance for the attention.
cheers.
Andre
On 22/04/03, Alex Kramarov wrote:
AK> every piece of documentation I have read about L2TP suggests that
AK> packets involved in the l2tp connection cannot be modified in any
AK> way, so you cannot use LVS-NAT - maybe LVS-DR would work, but since
AK> pptp and l2tp involve several connections (udp, tcp, gre), it would
AK> be tough to balance the several streams of data of the same
AK> connection to the same server.
AK> Just a suggestion, but what do you gain by using 2 lvs directors to
AK> loadbalance 2 concentrators, that you wouldn't get by 2
AK> concentrators running heartbeat for failover in an active-active
AK> config (unless the concentrators are not linux, but some os that
AK> can't run heartbeat)?
AK> ----- Original Message -----
AK> From: "Andre Correa" <andre.correa@xxxxxxxxx>
AK> To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
AK> Sent: Tuesday, April 22, 2003 9:42 PM
AK> Subject: LVS and a PPPoE/L2TP concentrator
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
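
An added illustration, not part of the thread and not LVS code: the MAC-based stickiness asked about above, done by parsing the Ethernet and PPPoE headers (EtherTypes 0x8863 and 0x8864) and hashing the client MAC so that discovery and session frames from one client reach the same concentrator. The realserver names, function names and sample frames are constructed; untagged Ethernet is assumed.

```python
import hashlib
import struct

ETH_P_PPP_DISC = 0x8863  # PPPoE discovery stage (PADI/PADO/PADR/PADS/PADT)
ETH_P_PPP_SES = 0x8864   # PPPoE session stage (carries PPP: LCP, auth, IP)
REALSERVERS = ["concentrator-a", "concentrator-b"]  # hypothetical names


def parse_pppoe(frame):
    """Return (src_mac, stage, code, session_id), or None if not valid PPPoE."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in (ETH_P_PPP_DISC, ETH_P_PPP_SES):
        return None  # plain IP, ARP, VLAN-tagged frames etc. are not handled
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    # Version 1 / type 1 is the only defined header; the frame may be longer
    # than the declared payload because of Ethernet padding, never shorter.
    if ver_type != 0x11 or len(frame) < 20 + length:
        return None
    stage = "discovery" if ethertype == ETH_P_PPP_DISC else "session"
    return src, stage, code, session_id


def pick_realserver(src_mac, servers=REALSERVERS):
    """Map a client MAC to one server; stable while the server list is fixed."""
    digest = hashlib.sha256(src_mac).digest()
    return servers[int.from_bytes(digest[:4], "big") % len(servers)]


def balance(frame):
    """Return the realserver for a PPPoE frame, or None for anything else."""
    parsed = parse_pppoe(frame)
    return pick_realserver(parsed[0]) if parsed else None


def build_frame(src_mac, ethertype, code, session_id, payload=b""):
    """Construct a sample frame (broadcast destination) for the demo below."""
    header = struct.pack("!6s6sHBBHH", b"\xff" * 6, src_mac, ethertype,
                         0x11, code, session_id, len(payload))
    return header + payload


if __name__ == "__main__":
    client = bytes.fromhex("020000000001")  # constructed client MAC
    padi = build_frame(client, ETH_P_PPP_DISC, 0x09, 0)  # discovery, no session yet
    data = build_frame(client, ETH_P_PPP_SES, 0x00, 0x0042, b"\xc0\x21\x01\x01")
    print(balance(padi), balance(data))  # same server for both stages
```

Keying on the source MAC rather than the PPPoE session ID matters because the session ID is still zero in the first discovery frames.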