Thanks for the advice, you've both confirmed what I thought. I'll pass your
ideas on to our developers though and see what they think. Alternatively
we'll probably end up with a failover solution and hoping that a single real
server can take the peak load.
Thanks again,
Phil
-----Original Message-----
From: Horms [mailto:horms@xxxxxxxxxxxx]
Sent: 15 August 2003 02:22
To: LinuxVirtualServer.org users mailing list.
Subject: Re: LVS, fwmarks and a port translation problem
On Thu, Aug 14, 2003 at 01:58:29PM -0400, Matthew Crocker wrote:
>
> On Thursday, August 14, 2003, at 10:47 AM, Philip Hayward wrote:
>
> >Hi,
> >
> >I have a design problem and was wondering if anyone had any bright ideas
> >about solving it. Using Ultramonkey I have 2 LVS-NAT servers in failover. I
> >want them to hold up to 20 virtual IPs for numerous HTTP/HTTPS apps that we
> >run (must be on 80/443). Behind the LVS are 6 apache/tomcat servers each
> >hosting up to 10 of the apps. Because of the use of SSL we port translate so
> >that each real server only has 1 real IP (using real IPs for historical
> >reasons). I need a load balanced persistent config... And I don't want to
> >have to make any changes (except default routes) to the web servers...
> >
> >Yes, this is a painfully complicated configuration but it kind of works with
> >our hardware LB which needs replacing, hopefully with LVS.
> >
> >Here is my first 1/10th scale attempt on our staging stack:
> >
> >IP Virtual Server version 1.0.9 (size=65536)
> >Prot LocalAddress:Port Scheduler Flags
> > -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >TCP 10.1.1.81:80 wlc
> > -> 10.1.1.39:51580 Masq 1 0 0
> > -> 10.1.1.14:51580 Masq 1 0 0
> >TCP 10.1.1.46:80 wlc
> > -> 10.1.1.39:50580 Masq 1 0 0
> > -> 10.1.1.14:50580 Masq 1 0 0
> >TCP 10.1.1.46:443 wlc persistent 300 mask 255.255.255.0
> > -> 10.1.1.39:50543 Masq 1 0 0
> > -> 10.1.1.14:50543 Masq 1 0 0
> >TCP 10.1.1.81:443 wlc persistent 300 mask 255.255.255.0
> > -> 10.1.1.39:51543 Masq 1 0 0
> > -> 10.1.1.14:51543 Masq 1 0 0
> >
> >This worked until I realised I need persistence between HTTP and HTTPS. Now
> >FWMARKS is a great idea, but I can't see how I can make it work in this
> >situation. I'd appreciate any advice.
> >
>
> I don't think you can do it. You can set up fwmark rules to tag the
> packets and LB them based on the fwmark but you will not be able to
> rewrite the dest_port because you won't be able to tell if they are 443
> or 80 traffic because you aren't checking for that.
I don't think that you can do it either. Though of course
you could hack LVS to do something strange. Probably
the easiest way would be to get it to ignore the destination port when
setting up persistence templates. Actually, that should be pretty
straightforward.
--
Horms
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send
requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users