|
Hi,
I have a question concerning the synchronisation of pesistent
connections.
Here are my configuration details:
I have two load-balancers (lb1 [master], lb2 [backup]; configured to use
heartbeat + ldirectord) and two real web servers (web1, web2; running
apache2).
Issiung the command 'ipvsadm -L' on lb1 resp. lb2 shows:
--- lb1 ---
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.222:http lc persistent 3610 mask 255.255.255.0
-> web2.test.local:http Route 1 0 0
-> web1.test.local:http Route 1 0 0
---
--- lb2 ---
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
---
I also have the master synchonisation daemon running on lb1 and the
backup synchronisation daemon running on lb2.
Let's assume that both lb1 and lb2 have just rebooted and no client has
ever connected to the VIP (10.0.0.222). Now, client 'mframe' (10.0.0.20)
connects to the VIP and is being routed to RIP 10.0.0.154 (web2).
Issuing the command 'ipvsamd -Lc' on lb1 resp. lb2 just after 'mframe'
has connected shows:
--- lb1 ---
IPVS connection entries
pro expire state source virtual destination
TCP 14:57 ESTABLISHED 10.0.0.20:54289 10.0.0.222:http
web2.test.local:http
TCP 60:06 NONE 10.0.0.0:0 10.0.0.222:http
web2.test.local:http
---
--- lb2 ---
IPVS connection entries
pro expire state source virtual destination
TCP 02:53 NONE 10.0.0.0:0 10.0.0.222:http
web2.test.local:http
TCP 02:53 ESTABLISHED 10.0.0.20:54289 10.0.0.222:http web2.test.local:http
---
As one can see, states are being synchonised, but the entries in the
'expire' column differ, although issiung the command 'ipvsadm -L
--timeout' on lb1 resp. lb2 shows:
--- lb1 & lb2 ---
Timeout (tcp tcpfin udp): 900 120 300
---
After the initial connect of client 'mframe' (10.0.0.20) to the VIP, no
more connections to the VIP have occured. After waiting for about three
minutes, the command 'ipvsadm -Lc' is again issued on lb1 resp. lb2. Now
it shows:
--- lb1 ---
IPVS connection entries
pro expire state source virtual destination
TCP 56:58 NONE 10.0.0.0:0 10.0.0.222:http
web2.test.local:http
---
--- lb2 ---
IPVS connection entries
pro expire state source virtual destination
---
The connection entry on lb1 is as expected (by me). But there are no
persistent connection entries (state: NONE) on lb2 left, as more then
three minutes have passed.
The question is: Is this the intended behaviour of connection
synchronisation in the 'persistent case' or am I doing something wrong?
If lb1 goes down and lb2 takes over, lb2 will no longer necessarily
route connections coming from 10.0.0.0/24 to RIP 10.0.0.154 (web2), but
it could also choose web1.
So, am I right if I believe that:
- Only connection states (ESTABLISHED, FIN_WAIT, NONE...) are
synchronized from lb1 to lb2
- Expiration times are not synchronised in any way from lb1 to lb2
I have tried to issue the command 'ipvsadm -A -t 10.0.0.222:80 -s lc -p
3610 -M 255.255.255.0' on lb2 before starting the backup synchronisation
daemon on lb2, but this does not change the entries for expiration times
on lb2.
Is there a way to synchronize expiration times on lb1 and lb2, or is
there a way to tell lb2 what expiration times to use?
Any comments or suggestions are greatly appreciated.
Yours,
Paul
|
