First, thanks for your replies, I appreciate it.
On Mar 14, 2006, at 2:49 PM, Joseph Mack NA3T wrote:
-sh scheduling is a standard (but little used) part of LVS. AFAIK,
you just set up the -SH scheduling and go - there's no patching.
There isn't much in the way of examples in the HOWTO. I just looked
in the mailing list archive and there's no useful info there either
(just me asking if anyone has used it, and making comments to
people like you that it's available).
From what I can tell, SH decides which real server will receive an
incoming request based on the external source IP in the request. I
can see four problems with this.
The first is that I can't see how this will change the return route
of the packet. I can see mapping incoming source routes to specific
real servers with distinct gateways, but I can't see how it could
affect an LVS-NAT setup.
The second is that a single client IP could go through either
incoming VIP. Assuming SH was somehow changing outbound routing, it
would distribute the outbound gateway randomly vs. correctly. I
suppose this helps distribute traffic but I'm not really interested
in perpetuating asymmetric routes.
The third is that I'd really like to use LVS as a load-balancer, not
as a simple load splitter. wlc is pretty key.
The fourth is that using sh doesn't change outbound routes, I just
tried it. :-)
The docs state "Multiple gateway setups can be solved with routing
and a solution is planned for LVS." Which seems to imply that source
routing is a fix but sort of not... :(
LVS doesn't know anything about routes to the outside world - it
just pushes a packet with src_addr=VIP,dst_addr into the output
queue. However netfilter gets it before it exits from the director.
Yeah, but unless there are netfilter rules to mangle outgoing
packets, it should pass out through the routes. I.e., if netfilter
isn't blocking it (you do need rules at least in 2.4 to allow
outbound VIP traffic) it shouldn't mangle it or change its routes,
I'm thinking.
Setting up routes as you've done is tricky. Since the iproute2
tools were around when the -SH scheduler was written, I would
assume the iproute2 tools won't do what you want.
Yes, this seems true. My new suspicion is that outbound lvs routing
is calculated based on the source address of the real servers, not
the VIP.
Netfilter and LVS had some unfortunate interactions
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html#filter_rules_intro
Julian's nfct code is not used much so we don't hear a lot about
it. It came after the -SH scheduler. Maybe the -SH scheduler
shouldn't be needed if the netfilter problems really have been
cleaned up.
Yes, the route_me_harder() function in the nfct code seems
promising. I fear I'm going to have to grab the source and track
down the routing behavior specifically.
Would be glad to hear of anything you figure out.
Will do, thanks!
--
Ken.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage
http://www.austintek.com/ It's GNU/Linux!