I think you've got it. The problem really stems from trying to run lots of
HTTP/HTTPS apps (so we can't use host headers to differentiate between them)
that can't share session state in a cluster on a limited number of servers
with a limited number of IPs.
Thanks anyway,
Phil
-----Original Message-----
From: Roberto Nibali [mailto:ratz@xxxxxxxxxxxx]
Sent: 15 August 2003 11:00
To: LinuxVirtualServer.org users mailing list.
Subject: Re: LVS, fwmarks and a port translation problem
Hello,
> I have a design problem and was wondering if anyone had any bright
> ideas about solving it. Using Ultramonkey I have 2 LVS-NAT servers in
> failover. I want them to hold up to 20 virtual IPs for numerous
> HTTP/HTTPS apps that we run (must be on 80/443). Behind the LVS are 6
> apache/tomcat servers each hosting up to 10 of the apps. Because of
> the use of SSL we port translate so that each real server only has 1
> real IP (using real IPs for historical reasons). I need a load
> balanced persistent config... And I don't want to have to make any
> changes (except default routes) to the web servers...
You might not need to, right? I mean aren't the web servers already
pointing to the load balancer?
> Yes, this is a painfully complicated configuration but it kind of
> works with our hardware LB which needs replacing, hopefully with LVS.
Most definitely ;).
> Here is my first 1/10th scale attempt on our staging stack:
>
> IP Virtual Server version 1.0.9 (size=65536)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port       Forward Weight ActiveConn InActConn
> TCP  10.1.1.81:80 wlc
>   -> 10.1.1.39:51580          Masq    1      0          0
>   -> 10.1.1.14:51580          Masq    1      0          0
> TCP  10.1.1.46:80 wlc
>   -> 10.1.1.39:50580          Masq    1      0          0
>   -> 10.1.1.14:50580          Masq    1      0          0
> TCP  10.1.1.46:443 wlc persistent 300 mask 255.255.255.0
>   -> 10.1.1.39:50543          Masq    1      0          0
>   -> 10.1.1.14:50543          Masq    1      0          0
> TCP  10.1.1.81:443 wlc persistent 300 mask 255.255.255.0
>   -> 10.1.1.39:51543          Masq    1      0          0
>   -> 10.1.1.14:51543          Masq    1      0          0
Why is your persistency mask set to /24? Not that it matters anyway ...
> This worked until I realised I need persistence between HTTP and
> HTTPS. Now FWMARKS is a great idea, but I can't see how I can make it
> work in this situation. I'd appreciate any advice.
Do I understand you correctly, that if one connects to VIP:80 and gets
assigned to a RIP1:51580 you want him to still connect to RIP1 but to
RIP1:51543 in case the application requires him to connect to VIP:443?
If so I also do not see an obvious way of doing it. I mean it would work
if the servers would redirect or listen to port 80, resp. port 443. Then
you could use persistent fwmark for a 80/443 VIP service tuple.
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
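
Added example, not part of the original thread: the persistent fwmark grouping mentioned in the reply above, for one VIP whose 80 and 443 traffic should stick to the same real server. It assumes the real servers listen on 80 and 443 themselves (no port translation, unlike the setup in the thread); the function name and the mark value 1 are made up for illustration, and the function only prints the commands.

```shell
#!/bin/sh
# Added illustration: prints, but does not run, the rules for one VIP.
# Assumption (not true of the setup in the thread): every real server
# listens on ports 80 and 443 itself, so no port translation is needed.

# usage: lvs_fwmark_rules VIP MARK PERSIST_SECONDS RIP [RIP...]
lvs_fwmark_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: lvs_fwmark_rules VIP MARK PERSIST_SECONDS RIP [RIP...]" >&2
        return 1
    fi
    vip=$1 mark=$2 persist=$3
    shift 3
    # A packet's mark is 0 when unset, so 0 cannot identify a service.
    case $mark in
        ''|*[!0-9]*|0) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    case $persist in
        ''|*[!0-9]*) echo "persistence timeout must be seconds" >&2; return 1 ;;
    esac

    # 1. Tag HTTP and HTTPS traffic to this VIP with the same mark.
    printf 'iptables -t mangle -A PREROUTING -d %s/32 -p tcp -m multiport --dports 80,443 -j MARK --set-mark %s\n' "$vip" "$mark"
    # 2. One persistent virtual service keyed on the mark, so a client's
    #    port-80 and port-443 connections share one persistence entry.
    printf 'ipvsadm -A -f %s -s wlc -p %s\n' "$mark" "$persist"
    # 3. Real servers with port 0: the destination port (80 or 443) is
    #    kept as-is, only the address is rewritten (-m = masquerading/NAT).
    for rip in "$@"; do
        printf 'ipvsadm -a -f %s -r %s:0 -m -w 1\n' "$mark" "$rip"
    done
}

# Addresses taken from the listing in the thread; mark 1 is arbitrary.
lvs_fwmark_rules 10.1.1.46 1 300 10.1.1.39 10.1.1.14
```

Because both ports reach the real server unchanged, this grouping cannot map a second VIP to a different port pair on the same real IP, which is the constraint discussed in the thread.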