Imagine the following scenario. The IP addresses are made up. All
ports concerned are port 80.
External IPs 4.1.2.41, 4.1.2.151, 4.1.2.153, and 4.1.2.154.
Internal RIPs 10.1.1.160, 10.1.1.161
VIPs for all 4 external IPs are defined on the two internal boxes as
lo:0, lo:1, lo:2, lo:3.
In ldirectord.cf:
virtual = 4.1.2.41:http
real = 10.1.1.160->10.1.1.161:http gate 100
checktype = negotiate
scheduler = wrr
virtual = 4.1.2.151:http
real = 10.1.1.160->10.1.1.161:http gate 100
checktype = negotiate
scheduler = wrr
virtual = 4.1.2.153:http
real = 10.1.1.160->10.1.1.161:http gate 100
checktype = negotiate
scheduler = wrr
virtual = 4.1.2.154:http
real = 10.1.1.160->10.1.1.161:http gate 100
checktype = negotiate
scheduler = wrr
If I configure heartbeat/ldirectord to only bring up the first VIP
(4.1.2.41), it comes up properly:
TCP rproxy1.domain.com:www wrr
-> rproxy1b.domain.net:www Route 100 43 2749
-> rproxy1a.domain.net:www Route 100 33 2801
If I configure heartbeat/ldirectord to bring up all four VIPs, it only
brings up the first one:
TCP rproxy1.domain.com:www wrr
-> rproxy1b.domain.net:www Route 100 45 2817
-> rproxy1a.domain.net:www Route 100 36 2844
TCP deimos.domain.com:www wrr
TCP oberon.domain.com:www wrr
TCP cordelia.domain.com:www wrr
This seems to be a limitation of ldirectord because I can add the RIPs
into the VIP definitions with the ipvsadm commands manually. Heartbeat
does bring up all VIPs properly. So without having looked at the code
yet, I have a couple of questions:
1) Is this in fact ldirectord refusing to assign the same RIP:port
combination to multiple VIPs? I specifically say RIP:port because I am
successfully bringing up multiple VIPs that go to the same RIPs but on
different ports (imap and pop).
2) Is there a reason why this is prohibited? Or is it simply an
application that everybody says "only an idiot would do something like
that?" :-)
In our case, all traffic coming in on .41 is because our DNS is
configured for that. Any old customers doing their own DNS that have
old IP assignments may still be using .151 or .153 or .154. So we are
unable to effect a change from their end, and we need to continue the
load balancing for each VIP to the same two RIPs. Note that it could be
any number of RIPs in the practical case.
Any comments and further questions are welcome. I also will make myself
available in the #linux-ha channel on freenode (nick cannonball) from
9:30 AM - 6:00 PM PST (GMT-0800) if anybody has any fantastic
suggestions.
--
Regards... Todd
We should not be building surveillance technology into standards.
Law enforcement was not supposed to be easy. Where it is easy,
it's called a police state. -- Jeff Schiller on NANOG
Linux kernel 2.6.8.1-12mdkenterprise 2 users, load average: 0.04, 0.08, 0.08
|