Hey all,
We're trying to set up LVS to serve as a drop-in replacement for a pair
of Cisco CSS 11050s. We aren't doing any fancy layer 7 stuff on the
CSS, like passing certain directories to other servers, or anything
like that.
I got it all set up, working, and I was able to drop it in for the CSSes
pretty smoothly. However, a few problems required me to put us back on
the CSSes.
Here they are:
1) None of the real servers can load pages from virtualized IPs. That
is, if a server is a real server (and thus has as its gateway the LVS
director), it can't get any services that the director provides. This
is a pretty minor problem, one we can work around, but would rather
not. Any ideas on how to permit this?
2) The big one. Our traffic spikes on the CSS hit 90mbit/s. Not huge
by a lot of standards, but still sizable. The CSS was pushing out
about 50mbit/s when we cut over to the LVS-NAT box, and traffic
immediately dropped to about 20mbit/s, never breaking 30.
More information on #2:
A test download from a box on another network, with a 100mbit
connection to the Internet, was able to download a single file at well
over 40mbit/s through the CSS. Through the LVS, it peaked at 1Mbit/s
at the beginning and then quickly fell to about 300kbit/s after a few
seconds, and stayed there.
The hardware for the LVS machine: P4 2.26ghz, 2GB of memory. Two e1000
NICs, but both are hooked up to 100mbit switches, since we haven't done
our gigabit upgrade yet.
Software: Debian sarge, running (I've tried all three): two monolithic
2.6.10 kernels and the stock Debian 2.6.8-686-2 kernel. I'm using the
ipvsadm, heartbeat, etc packages from ultramonkey.org.
ipvsadm -Ln showed about 150 active connections and 750 inactive
connections to each of the 6 real servers on our busiest VIP, the one
that accounts for 95% of traffic. ipvsadm -Lcn showed in the range of
6,000 total connections, which matches up with the number of
active+inactive.
Since the LVS machine is the default gateway for all of the real
servers, I've got SNAT rules applied to the postrouting chain so our
outbound connections still work.
Anyway, the big question is, why would I be seeing such miserable
performance? Everything I've seen says the hardware I have is
overkill, even for LVS-NAT, and I should be able to work with almost
any amount of traffic I throw at it.
I can post more information if desired.
Thanks in advance,
Ed Fisher