|
Greetings
I am running the LVS on Redhat Enterprise Linux 4. The configuration is done
based on the concept of LVS-NAT. The kernel version is 2.6.9-34-ELsmp and
the ipvsadm version is 1.24-6.
I am running the single Linux-Director Machine with one interface (eth0) is
connecting to the External network and other second interface (eth1) is
connected to the Internal Network where Real Servers are running.
So far during my initial testing, the LVS is seems to be running fine
without any problem. All the communication (incoming and outgoing) is
successfully going from Virtual IP Address.
As i went through the different documentation I have found that in order to
check the health of real-servers on periodic basis, there are number of
sulutions available for such purpose e.g. LdirectorD and Keepalived out of
which keepalived is considered to be more reliable solution.
As i went through the documentation of Keepalived, i am getting little bit
confused. I have tried to install it but it looks like as if it is not
running successfully.
My concerns related to keepalived are as follows:
1. Do I need to run the ipvsadm software in addition to the keepalived or in
other words run the keepalived for health check purposes only?
2. I am not running the Active/Backup or MASTER/SLAVE configuration of LVS
so by keeping this in mind can i still configure the keepalived for health
checking of real servers, if yes than how?
Thanks in advance for answers
Mansoor
From: lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
Reply-To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: lvs-users Digest, Vol 52, Issue 35
Date: Sun, 27 May 2007 02:56:09 +0200 (CEST)
Send lvs-users mailing list submissions to
lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://www.in-addr.de/mailman/listinfo/lvs-users
or, via email, send a message with subject or body 'help' to
lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
You can reach the person managing the list at
lvs-users-owner@xxxxxxxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of lvs-users digest..."
Today's Topics:
1. Re: Customized fallbak page (Joseph Mack NA3T)
2. Re: Customized fallbak page (Joseph Mack NA3T)
3. topologies (Gerry Reno)
4. Re: topologies (Joseph Mack NA3T)
5. Re: Customized fallbak page (Dr. Volker Jaenisch)
6. Re: URL forwarding (Dr. Volker Jaenisch)
7. Re: topologies (Gerry Reno)
8. Re: topologies (Gerry Reno)
9. Re: topologies (Joseph Mack NA3T)
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sat, 26 May 2007 13:42:01 -0700 (PDT)
On Fri, 25 May 2007, Gustavo Mateus wrote:
Hi,
I have 10 virtual servers (http) running on one director with 5 real
servers and a separated fallback server running lighttpd.
I want to customize a fallback server page for each of the 10 web sites
running on the virtual servers.
so that you get a reply...
the way we think about loadbalancing here is that the client should never
be able to tell that they're connecting to a loadbalanced machine - they
should just be presented with a server. So we don't do what you're asking.
Sure if a machine fails, then an admin should be able to figure out which
one, but not the client. Why do you want to do this?
Joe
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sat, 26 May 2007 13:48:10 -0700 (PDT)
On Sat, 26 May 2007, Joseph Mack NA3T wrote:
On Fri, 25 May 2007, Gustavo Mateus wrote:
Hi,
I have 10 virtual servers (http)
maybe I missed your point. You have 10 different URLs/VIPs? I was thinking
that you wanted a different page displayed when each realserver needed to
be failed out.
Joe
From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: topologies
Date: Sat, 26 May 2007 17:48:29 -0400
Are there any preferred topologies for setting up LVS?
Right now without LVS I have everything on one lan and I just run
firewalls. But to use LVS effectively I can see I need to create separate
lans. Now this presents other problems because if I put my sets of
realservers (web, db) on separate lans then it's more difficult to
administer them and also they will lose access to common resources such as
the backup server. So it looks like each realserver will have to be part
of multiple lans or vlans into order to still have access to common
resouces. In doing so, will it create any problems with routing for the
VIP's and GW's? I don't want any triangulation problems that can cause
connections to hang. Are there any common gotcha's with multiple lan/vlan
relating to LVS? I have VLAN capable switches.
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 15:21:52 -0700 (PDT)
On Sat, 26 May 2007, Gerry Reno wrote:
Are there any preferred topologies for setting up LVS?
Right now without LVS I have everything on one lan and I just run
firewalls. But to use LVS effectively I can see I need to create separate
lans.
why?
Now this presents other problems because if I put my sets of realservers
(web, db) on separate lans
separate from what, the other realservers? the VIP?
then it's more difficult to administer them and also they will lose access
to common resources such as the backup server. So it looks like each
realserver will have to be part of multiple lans or vlans into order to
still have access to common resouces. In doing so, will it create any
problems with routing for the VIP's and GW's?
such as?
I don't want any triangulation problems that can cause connections to
hang.
what's a triangulation problem?
You haven't mentioned any of the problems you're worrying about, so I can't
help you much at the moment.
There's only two topologies at least as I think about it.
o all machines on one physical network
o all machines on two physical networks (the director has two NICs)
either way you have to protect the realservers and director and either way
I can't see any problems accessing resources (such as network storage).
Joe
From: "Dr. Volker Jaenisch" <volker.jaenisch@xxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sun, 27 May 2007 01:30:22 +0200
Hi Gustavo!
Gustavo Mateus schrieb:
I have 10 virtual servers (http) running on one director with 5 real
servers and a separated fallback server running lighttpd.
I want to customize a fallback server page for each of the 10 web sites
running on the virtual servers.
The way I imagine it can be done is setting lighttpd to respond to 10
different ips. One ip on the fallback server for every virtual server that
I have.
Is there a way to avoid that? I dont know, some way to use virtual hosts
and use just one IP for fallback server?
Just to get you right:
* You have 10 say "domains" running on 5 realservers.
* If one domain dies you like to bring up a "sorry-Page" that is
individual for every domain.
If these guesses are your intention then you will have to use 10 different
IPs on the seperate fallback-Server mapped via the http-daemon to your
individual sorry-sites.
The loadbalancing daemon ldirectord, or keepalived, or ipvsmand knows when
the last real server of the domain is dead and
directs the inkoming IP packets now to the sorry-server IP. But it can not
change them to an other URL/domain since this information is encapsulated
in the Package HTTP-Protocol content.
If the many IPs itself are your problem (limited number) you may use
different Ports on the same IP. But the configuration
overhead will remain the same.
Best Regards,
Volker
From: "Dr. Volker Jaenisch" <volker.jaenisch@xxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: URL forwarding
Date: Sun, 27 May 2007 02:00:21 +0200
Hi Konstantin!
Konstantin Ivanov schrieb:
Hello,
Is it possible based on the URL address for the load balancer to forward
the requests to a particular real servers. What I need to do is for
example for a domain name domain1.com just server1 and server2 will
respond, and for domain2.com server 1 and server3 will respond. I tried
looking at UltraMonkey-L7 project but you can match only the file names in
the URL like this:
l7vsadm -A -t 192.168.8.58:80 -m url --pattern-match '*.html' -s rr
l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*.html' -r
10.0.0.10:80
Quoting
http://sourceforge.jp/projects/ultramonkey-l7/document/admin_manual_en-v1.3/en/1/admin_manual_en-v1.3.txt
2.2.2.2 URL module (url) option
--pattern-match character-string (module-args)
Defines the URL character string that should not be allowed to pass
through till the real server.
This can take 127 english characters. Shell wildcard notation is allowed.
(The "*" can match zero or more arbitrary characters --> Match any string
The "?" can match any single character --> Match any single character)
The character-string should be enclosed with ' (Single Quote character)
If complete matching or comparision is required for URL, then * might be
needed.
Example: --pattern-match '*/index.html*'
I never used l7vsadm but there is nowhere written that the matching string
operates only on the path portion of the URL.
Have you tried e.g.
l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match 'domain2.com*' -r
10.0.0.10:80
or
l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*domain2.com*' -r
10.0.0.10:80
Best Regards,
Volker
From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 20:30:25 -0400
Joseph Mack NA3T wrote:
separate from what, the other realservers? the VIP?
yes
then it's more difficult to administer them and also they will lose
access to common resources such as the backup server. So it looks like
each realserver will have to be part of multiple lans or vlans into order
to still have access to common resouces. In doing so, will it create any
problems with routing for the VIP's and GW's?
such as?
I don't want any triangulation problems that can cause connections to
hang.
what's a triangulation problem?
where you have the response packets best-routed around the director
directly back to the client
There's only two topologies at least as I think about it.
o all machines on one physical network
o all machines on two physical networks (the director has two NICs)
Ok, some ascii art:
|
|(Single Public IP)
---------------------
| HW NAT Firewall |
| Router |
---------------------
|(GW=192.168.0.1)
|
|(VIP=192.168.0.215)
------------------------------------------------------------------------------------
| ==LVS== | | |
|(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
--------------------- --------------------- | ---------------------
| keepalived | | keepalived | | | lots of other |
| master | | backup | | | servers |
--------------------- --------------------- | ---------------------
|(GW=192.168.1.1) | |
------------------------------------------------------------------- |
| | | | |
|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
--------------- --------------- --------------- --------------- |
| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
--------------- --------------- --------------- --------------- |
|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
| | | | |
-----------------------------------------------------------------------------|
|
--------------------- |
| Network |---------------------------------
| Storage |(192.168.0.99)
---------------------
This is what I was referring to when I was commenting on topology and if it
is possible to configure this way I was concerned about packets being
best-routed somehow past the director through the second interface on the
realservers.
Gerry
Joe
From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 20:31:53 -0400
Hmm... ascii art does not work on this list. :-(
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing
list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 17:55:49 -0700 (PDT)
On Sat, 26 May 2007, Gerry Reno wrote:
Joseph Mack NA3T wrote:
separate from what, the other realservers? the VIP?
yes
then it's more difficult to administer them and also they will lose
access to common resources such as the backup server. So it looks like
each realserver will have to be part of multiple lans or vlans into
order to still have access to common resouces. In doing so, will it
create any problems with routing for the VIP's and GW's?
such as?
I don't want any triangulation problems that can cause connections to
hang.
what's a triangulation problem?
where you have the response packets best-routed around the director
directly back to the client
OK you want LVS-NAT or the modified-shared version of LVS-DR (if you don't
know what that is, use LVS-NAT).
Ok, some ascii art:
you need blanks and not tabs, and limit to (about) 50chars/line
|
|(Single Public IP)
---------------------
| HW NAT Firewall |
| Router |
---------------------
|(GW=192.168.0.1)
|
|(VIP=192.168.0.215)
------------------------------------------------------------------------------------
| ==LVS== | | | |(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
--------------------- --------------------- | ---------------------
| keepalived | | keepalived | | | lots of other | | master | | backup | |
| servers |
--------------------- --------------------- | ---------------------
|(GW=192.168.1.1) | |
------------------------------------------------------------------- |
| | | | |
|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
--------------- --------------- --------------- --------------- |
| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
--------------- --------------- --------------- --------------- |
|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
| | | | |
-----------------------------------------------------------------------------|
|
--------------------- |
| Network |---------------------------------
| Storage |(192.168.0.99)
---------------------
This is what I was referring to when I was commenting on topology and if
it is possible to configure this way I was concerned about packets being
best-routed somehow past the director through the second interface on the
realservers.
taking a punt here...
you have director(s) with a public IP (here 192.168.0.215). Then you have
some web realservers, on 192.168.1.0/32. Presumably these talk to the db
machines (and the clients do not directly connect to the db machined). In
which case the db machines can also be on 192.168.1.0/32. And you have a
NAS which can also be on 191.168.1.0/32. The webservers will have
192.168.1.1 as their default gw. The other machines (db, NAS) shouldn't
havea default gw at all (presumably they aren't replying to clients)
Joe
_______________________________________________
lvs-users mailing list
lvs-users@xxxxxxxxxxxxxxxxxxxxxx
http://www.in-addr.de/mailman/listinfo/lvs-users
_________________________________________________________________
Txt a lot? Get Messenger FREE on your mobile.
https://livemessenger.mobile.uk.msn.com/
| 