
LVS and Keepalived

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: LVS and Keepalived
From: "Mansoor Ali" <mhafeez72@xxxxxxxxxxx>
Date: Mon, 28 May 2007 09:42:42 +0000
Greetings

I am running the LVS on Redhat Enterprise Linux 4. The configuration is done based on the concept of LVS-NAT. The kernel version is 2.6.9-34-ELsmp and the ipvsadm version is 1.24-6.

I am running a single Linux-Director machine with one interface (eth0) connected to the external network and the second interface (eth1) connected to the internal network where the real servers are running.

So far during my initial testing, the LVS seems to be running fine without any problem. All the communication (incoming and outgoing) is successfully going from the Virtual IP Address.

As I went through the different documentation I found that, in order to check the health of real servers on a periodic basis, there are a number of solutions available for such a purpose, e.g. LdirectorD and Keepalived, out of which keepalived is considered to be the more reliable solution.

As I went through the documentation of Keepalived, I got a little bit confused. I have tried to install it but it looks as if it is not running successfully.

My concerns related to keepalived are as follows:

1. Do I need to run the ipvsadm software in addition to the keepalived or in other words run the keepalived for health check purposes only?

2. I am not running the Active/Backup or MASTER/SLAVE configuration of LVS, so keeping this in mind, can I still configure keepalived for health checking of real servers? If yes, then how?


Thanks in advance for answers

Mansoor


From: lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
Reply-To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: lvs-users Digest, Vol 52, Issue 35
Date: Sun, 27 May 2007 02:56:09 +0200 (CEST)


Today's Topics:

   1. Re: Customized fallbak page (Joseph Mack NA3T)
   2. Re: Customized fallbak page (Joseph Mack NA3T)
   3. topologies (Gerry Reno)
   4. Re: topologies (Joseph Mack NA3T)
   5. Re: Customized fallbak page (Dr. Volker Jaenisch)
   6. Re: URL forwarding (Dr. Volker Jaenisch)
   7. Re: topologies (Gerry Reno)
   8. Re: topologies (Gerry Reno)
   9. Re: topologies (Joseph Mack NA3T)



From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sat, 26 May 2007 13:42:01 -0700 (PDT)
On Fri, 25 May 2007, Gustavo Mateus wrote:

> Hi,
>
> I have 10 virtual servers (http) running on one director with 5 real servers and a separated fallback server running lighttpd.
>
> I want to customize a fallback server page for each of the 10 web sites running on the virtual servers.

so that you get a reply...

the way we think about loadbalancing here is that the client should never be able to tell that they're connecting to a loadbalanced machine - they should just be presented with a server. So we don't do what you're asking.

Sure if a machine fails, then an admin should be able to figure out which one, but not the client. Why do you want to do this?

Joe







From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sat, 26 May 2007 13:48:10 -0700 (PDT)
On Sat, 26 May 2007, Joseph Mack NA3T wrote:

> On Fri, 25 May 2007, Gustavo Mateus wrote:
>
>> Hi,
>>
>> I have 10 virtual servers (http)

maybe I missed your point. You have 10 different URLs/VIPs? I was thinking that you wanted a different page displayed when each realserver needed to be failed out.

Joe







From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: topologies
Date: Sat, 26 May 2007 17:48:29 -0400
Are there any preferred topologies for setting up LVS?
Right now without LVS I have everything on one lan and I just run firewalls. But to use LVS effectively I can see I need to create separate lans. Now this presents other problems because if I put my sets of realservers (web, db) on separate lans then it's more difficult to administer them and also they will lose access to common resources such as the backup server. So it looks like each realserver will have to be part of multiple lans or vlans in order to still have access to common resources. In doing so, will it create any problems with routing for the VIP's and GW's? I don't want any triangulation problems that can cause connections to hang. Are there any common gotcha's with multiple lan/vlan relating to LVS? I have VLAN capable switches.









From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 15:21:52 -0700 (PDT)
On Sat, 26 May 2007, Gerry Reno wrote:

> Are there any preferred topologies for setting up LVS?
> Right now without LVS I have everything on one lan and I just run firewalls. But to use LVS effectively I can see I need to create separate lans.

why?

> Now this presents other problems because if I put my sets of realservers (web, db) on separate lans

separate from what, the other realservers? the VIP?

> then it's more difficult to administer them and also they will lose access to common resources such as the backup server. So it looks like each realserver will have to be part of multiple lans or vlans in order to still have access to common resources. In doing so, will it create any problems with routing for the VIP's and GW's?

such as?

> I don't want any triangulation problems that can cause connections to hang.

what's a triangulation problem?

You haven't mentioned any of the problems you're worrying about, so I can't help you much at the moment.

There's only two topologies at least as I think about it.

o all machines on one physical network

o all machines on two physical networks (the director has two NICs)

either way you have to protect the realservers and director and either way I can't see any problems accessing resources (such as network storage).

Joe







From: "Dr. Volker Jaenisch" <volker.jaenisch@xxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Customized fallbak page
Date: Sun, 27 May 2007 01:30:22 +0200
Hi Gustavo!

Gustavo Mateus wrote:
> I have 10 virtual servers (http) running on one director with 5 real servers and a separated fallback server running lighttpd.
>
> I want to customize a fallback server page for each of the 10 web sites running on the virtual servers. The way I imagine it can be done is setting lighttpd to respond to 10 different ips. One ip on the fallback server for every virtual server that I have.
>
> Is there a way to avoid that? I don't know, some way to use virtual hosts and use just one IP for fallback server?

Just to get you right:
* You have 10 say "domains" running on 5 realservers.
* If one domain dies you like to bring up a "sorry-Page" that is individual for every domain.

If these guesses are your intention then you will have to use 10 different IPs on the separate fallback server, mapped via the http daemon to your individual sorry-sites.

The loadbalancing daemon ldirectord, or keepalived, or ipvsmand knows when the last real server of the domain is dead and directs the incoming IP packets now to the sorry-server IP. But it cannot change them to another URL/domain since this information is encapsulated in the Package HTTP-Protocol content.

If the many IPs itself are your problem (limited number) you may use different ports on the same IP. But the configuration overhead will remain the same.

Best Regards,

Volker







From: "Dr. Volker Jaenisch" <volker.jaenisch@xxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: URL forwarding
Date: Sun, 27 May 2007 02:00:21 +0200
Hi Konstantin!
Konstantin Ivanov wrote:
> Hello,
>
> Is it possible based on the URL address for the load balancer to forward the requests to particular real servers? What I need to do is for example for a domain name domain1.com just server1 and server2 will respond, and for domain2.com server 1 and server3 will respond. I tried looking at UltraMonkey-L7 project but you can match only the file names in the URL like this:
> l7vsadm -A -t 192.168.8.58:80 -m url --pattern-match '*.html' -s rr
> l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*.html' -r 10.0.0.10:80
> Quoting http://sourceforge.jp/projects/ultramonkey-l7/document/admin_manual_en-v1.3/en/1/admin_manual_en-v1.3.txt
> 2.2.2.2 URL module (url) option
> --pattern-match character-string (module-args)
> Defines the URL character string that should not be allowed to pass through till the real server. This can take 127 english characters. Shell wildcard notation is allowed. (The "*" can match zero or more arbitrary characters --> Match any string
> The "?" can match any single character --> Match any single character)
> The character-string should be enclosed with ' (Single Quote character)
> If complete matching or comparision is required for URL, then * might be needed.
> Example: --pattern-match '*/index.html*'


I have never used l7vsadm, but nowhere is it written that the matching string operates only on the path portion of the URL.

Have you tried e.g.

l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match 'domain2.com*' -r 10.0.0.10:80
or
l7vsadm -a -t 192.168.8.58:80 -m url --pattern-match '*domain2.com*' -r 10.0.0.10:80

Best Regards,

Volker







From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 20:30:25 -0400
Joseph Mack NA3T wrote:

> separate from what, the other realservers? the VIP?

yes
>> then it's more difficult to administer them and also they will lose access to common resources such as the backup server. So it looks like each realserver will have to be part of multiple lans or vlans in order to still have access to common resources. In doing so, will it create any problems with routing for the VIP's and GW's?
>
> such as?
>
>> I don't want any triangulation problems that can cause connections to hang.
>
> what's a triangulation problem?

where you have the response packets best-routed around the director directly back to the client

> There's only two topologies at least as I think about it.
>
> o all machines on one physical network
>
> o all machines on two physical networks (the director has two NICs)


Ok, some ascii art:

|
|(Single Public IP)
---------------------
| HW NAT Firewall |
| Router |
---------------------
|(GW=192.168.0.1)
|
|(VIP=192.168.0.215)
------------------------------------------------------------------------------------
| ==LVS== | | |
|(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
--------------------- --------------------- | ---------------------
| keepalived | | keepalived | | | lots of other |
| master | | backup | | | servers |
--------------------- --------------------- | ---------------------
|(GW=192.168.1.1) | |
------------------------------------------------------------------- |
| | | | |
|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
--------------- --------------- --------------- --------------- |
| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
--------------- --------------- --------------- --------------- |
|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
| | | | |
-----------------------------------------------------------------------------|
|
--------------------- |
| Network |---------------------------------
| Storage |(192.168.0.99)
---------------------

This is what I was referring to when I was commenting on topology and if it is possible to configure this way I was concerned about packets being best-routed somehow past the director through the second interface on the realservers.

Gerry












> Joe







From: Gerry Reno <greno@xxxxxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 20:31:53 -0400
Hmm... ascii art does not work on this list. :-(







From: Joseph Mack NA3T <jmack@xxxxxxxx>
Reply-To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
To: "LinuxVirtualServer.org users mailing list."<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: topologies
Date: Sat, 26 May 2007 17:55:49 -0700 (PDT)
On Sat, 26 May 2007, Gerry Reno wrote:

> Joseph Mack NA3T wrote:
>
>> separate from what, the other realservers? the VIP?
>
> yes
>
>>> then it's more difficult to administer them and also they will lose access to common resources such as the backup server. So it looks like each realserver will have to be part of multiple lans or vlans in order to still have access to common resources. In doing so, will it create any problems with routing for the VIP's and GW's?
>
>> such as?
>
>>> I don't want any triangulation problems that can cause connections to hang.
>
>> what's a triangulation problem?
>
> where you have the response packets best-routed around the director directly back to the client

OK you want LVS-NAT or the modified-shared version of LVS-DR (if you don't know what that is, use LVS-NAT).

> Ok, some ascii art:

you need blanks and not tabs, and limit to (about) 50chars/line


|
|(Single Public IP)
---------------------
| HW NAT Firewall |
| Router |
---------------------
|(GW=192.168.0.1)
|
|(VIP=192.168.0.215)
------------------------------------------------------------------------------------
| ==LVS== | | | |(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
--------------------- --------------------- | ---------------------
| keepalived | | keepalived | | | lots of other | | master | | backup | | | servers |
--------------------- --------------------- | ---------------------
|(GW=192.168.1.1) | |
------------------------------------------------------------------- |
| | | | |
|(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
--------------- --------------- --------------- --------------- |
| RS(web) | | RS(web) | | RS(db) | | RS(db) | |
--------------- --------------- --------------- --------------- |
|(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
| | | | |
-----------------------------------------------------------------------------|
|
--------------------- |
| Network |---------------------------------
| Storage |(192.168.0.99)
---------------------

> This is what I was referring to when I was commenting on topology and if it is possible to configure this way I was concerned about packets being best-routed somehow past the director through the second interface on the realservers.

taking a punt here...

you have director(s) with a public IP (here 192.168.0.215). Then you have some web realservers, on 192.168.1.0/32. Presumably these talk to the db machines (and the clients do not directly connect to the db machines). In which case the db machines can also be on 192.168.1.0/32. And you have a NAS which can also be on 191.168.1.0/32. The webservers will have 192.168.1.1 as their default gw. The other machines (db, NAS) shouldn't have a default gw at all (presumably they aren't replying to clients)

Joe








_______________________________________________
lvs-users mailing list
lvs-users@xxxxxxxxxxxxxxxxxxxxxx
http://www.in-addr.de/mailman/listinfo/lvs-users
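
Added example, not part of the original thread: a Python check of the routing concern raised in the "topologies" messages (replies "best-routed around the director"). It applies longest-prefix matching to a realserver's routing table and reports which clients would receive replies that skip the director under LVS-NAT. The /24 masks, interface names and the two sample client addresses are assumptions; the thread gives host addresses only.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return (interface, gateway) used to reach dst.
    gateway is None for a directly connected network."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    _, iface, gw = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return iface, gw

def reply_bypasses_director(routes, client_ip, director_gw):
    """In LVS-NAT the reply has to return through the director so its source
    is rewritten from the realserver address back to the VIP."""
    hop = next_hop(routes, client_ip)
    return hop is None or hop[1] != director_gw

DIRECTOR_GW = "192.168.1.1"   # GW address shown in the thread's diagram

# Assumption: /24 masks and interface names (not stated in the thread).
MULTI_HOMED_RS = [            # web realserver 192.168.1.10 with second NIC 192.168.0.70
    ("192.168.1.0/24", "eth0", None),
    ("192.168.0.0/24", "eth1", None),
    ("0.0.0.0/0", "eth0", DIRECTOR_GW),
]
SINGLE_HOMED_RS = [           # one internal network, default gw = director
    ("192.168.1.0/24", "eth0", None),
    ("0.0.0.0/0", "eth0", DIRECTOR_GW),
]

CLIENTS = {                   # constructed sample clients
    "internet": "203.0.113.7",
    "vip-lan host": "192.168.0.50",
}

def audit(routes):
    """Map each sample client to True if its reply would skip the director."""
    return {name: reply_bypasses_director(routes, ip, DIRECTOR_GW)
            for name, ip in CLIENTS.items()}

if __name__ == "__main__":
    for label, routes in (("multi-homed", MULTI_HOMED_RS),
                          ("single-homed", SINGLE_HOMED_RS)):
        for name, bypass in audit(routes).items():
            print(f"{label:12} {name:13} bypasses_director={bypass}")
```

With the second NIC on 192.168.0.0/24, only clients on that same network get replies that go around the director; clients arriving from beyond the firewall still return through 192.168.1.1.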
