On Mon, 2007-12-31 at 15:54 -0500, Matthew Crocker wrote:
> I used to run LVS on a cluster years ago, in fact the cluster is
> still running but I haven't been keeping track of the progress for
> LVS. I'm putting together a new cluster and would like to have it
> set up with active/active directors instead of active/passive.
Hrm... OK, let's see about this.
> Does anyone have a working configuration using LVS-NAT & active/active
> directors?
I know I don't, and judging by the silence I'd guess relatively few
others do.
> Assuming I have 2 directors and 4 real servers. Traffic
> is load balanced via per-flow CEF to each director and each director
> then load balances the traffic to one of the 4 servers.
OK so far.
> How do I configure the real servers to send the returning traffic
> through the correct director so it can follow the NAT tables?
> Or, with the LVS directors syncing their connection maps does it
> even matter?
Hrm... your issue here is that your realservers have to forward their
return traffic to clients through the same director that fired it at
them. The LVS sync daemon may or may not do what you want - it isn't
real time (almost, but not quite) as in the interests of network
throughput it aggregates connection states into a buffer and only sends a
packet when the buffer is full. I'd have to read the code to see how
many connections/packets/state changes that takes, but it would result
in some unreliability if traffic returned through the "other" director
from the realservers' point of view.
I know this wouldn't be a completely active/active setup, but I'd split
my realservers into two groups and have one half with DirA as their
default gateway, the others with DirB. Then I'd make sure that the
directors are running some sort of failover protocol (whether using
heartbeat or keepalived, for example) to "float" the DirA/DirB addresses
between the two machines. This way, you split half your connections
between the available machines and gain some reliability in case a
director fails. You also always know which way the traffic is flowing.
The only other thing I can think of, and it's a vague possibility, is
that you could potentially use the netfilter and iproute2 toolkits to do
some policy routing - i.e. if a connection came in from director A
(defined by MAC address), then we reply to DirA and vice versa for DirB.
I'd have to have a serious read to see if that made any sense, mind you!
As an additional question - how are you configuring things on the
client-facing side of the directors (i.e. how are you making the same IP
active on both machines without having ARP clashes, or worse, no ARP at
all)? Is your CEF balancing and forwarding to the hosts directly (i.e.
routing) instead of forwarding to an IP? Have you done some MAC
trickery, or some clever /32 routing?
Graeme
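
Added example, not part of the original message or of LVS itself: one way the netfilter/iproute2 policy-routing idea in the reply above could be set up on a realserver, using connection marks keyed on the source MAC of the forwarding director. The MAC addresses, gateway IPs, mark values and table numbers are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Realserver-side policy routing for LVS-NAT with two active directors.
# All addresses below are constructed sample values (assumptions).
DIR_A_MAC="02:00:00:00:00:0a"; DIR_A_IP="192.168.10.1"
DIR_B_MAC="02:00:00:00:00:0b"; DIR_B_IP="192.168.10.2"

# valid_mac MAC -> exit 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# director_rules MAC GATEWAY MARK TABLE
# Prints the commands that pin replies to the director a flow arrived from.
director_rules() {
    mac=$1; gw=$2; mark=$3; table=$4
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    # Tag new flows by the source MAC of the frame (the forwarding director).
    echo "iptables -t mangle -A PREROUTING -m mac --mac-source $mac -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    # Packets carrying this mark use a table whose default route is that director.
    echo "ip rule add fwmark $mark table $table"
    echo "ip route add default via $gw table $table"
}

# all_rules: full rule set for both directors
all_rules() {
    director_rules "$DIR_A_MAC" "$DIR_A_IP" 1 101 || return 1
    director_rules "$DIR_B_MAC" "$DIR_B_IP" 2 102 || return 1
    # Copy the connection mark onto locally generated reply packets so the
    # fwmark rules above select the route.
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
}

# Dry run by default; APPLY=1 (as root) executes the commands.
if [ "${APPLY:-0}" = 1 ]; then all_rules | sh -e; else all_rules; fi
```

Unmarked traffic still follows the realserver's main routing table, so an ordinary default gateway remains in effect for connections the realserver initiates itself.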