[TriLUG] LVS persistence and NAT

Ryan Leathers ryan.leathers at globalknowledge.com
Tue Jan 20 11:39:00 EST 2004


Right - I probably shouldn't have used the NAT example as the problem is
not unique to NAT.  It's just what was on my mind.


On Tue, 2004-01-20 at 11:33, John Turner wrote:
> I don't have an answer to your problem, but I did run into the same 
> issue where everyone at a site was using a proxy server to access the 
> web. So one doesn't have to be behind a NAT firewall to see this 
> problem.  We ended up setting up all the PCs to bypass the proxy for 
> local addresses.
> 
> John
> 
> On Jan 20, 2004, at 11:17 AM, Ryan Leathers wrote:
> 
> > I want my cake and eat it too.  The more I use and read about LVS the
> > less optimistic I am about cake eating.  Don't get me wrong - I think
> > LVS is great.  I just want it to handle persistence and distribute load
> > at the same time.  Let me explain...
> >
> > I have set up an LVS-NAT instance in my lab with three real servers
> > fielding http requests.  The real servers run an application server
> > where state is important.
> >
> > Prior to turning on persistence I observed that the load was being
> > distributed across all three servers, but the application was
> > unusable.
> > With persistence turned on, the application state is kept but the load
> > is no longer distributed.  That is to say, all connections made from
> > all hosts behind a NAT router wind up going to the same real server
> > due to the persistence rule.
> >
> > I understand that persistence is dependent solely upon the source IP
> > address and the protocol in use.  I also see that a mask may be
> > specified to account for multiple / changing source addresses.  This
> > seems fine if there are not too many requests from the same host /
> > network.
> >
> > Suppose I have a number of hosts connecting to my application servers.
> > Is there a way to maintain state while also distributing the load?  Can
> > I have my cake and eat it too?  I originally thought firewall marks
> > were the ticket but I am coming to understand that marking will only
> > associate multiple protocols which will do nothing to distribute the
> > load when persistence is required.
> >
> > I suppose I could move to a more complex clustering model on the back
> > end, but it would be the bee's knees if LVS could be configured to
> > achieve both goals.
> > -- 
> > Ryan Leathers <ryan.leathers at globalknowledge.com>
> > Global Knowledge
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
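
The behaviour discussed in this thread, as an added example that is not part of either poster's message and is not LVS code: a simplified Python model of a director doing round-robin scheduling with optional persistence keyed on the masked source address. The class, function and server names and all addresses are constructed for illustration, and persistence timeouts are not modelled.

```python
import ipaddress
from collections import Counter
from itertools import cycle

REAL_SERVERS = ["rs1", "rs2", "rs3"]  # constructed names for three real servers


class Director:
    """Toy director: round-robin, optionally with source-address persistence."""

    def __init__(self, servers, persistent=False, netmask="255.255.255.255"):
        self._rr = cycle(servers)
        self.persistent = persistent
        self.mask = int(ipaddress.IPv4Address(netmask))
        self.templates = {}  # masked source address -> chosen real server

    def schedule(self, src_ip):
        if not self.persistent:
            return next(self._rr)  # every connection is scheduled afresh
        key = int(ipaddress.IPv4Address(src_ip)) & self.mask
        if key not in self.templates:
            # First connection from this (masked) source picks the server.
            self.templates[key] = next(self._rr)
        return self.templates[key]  # later connections stick to it


def distribution(director, sources):
    """Count how many connections each real server receives."""
    return Counter(director.schedule(src) for src in sources)


# Constructed traffic: 30 connections from hosts behind one NAT router or
# proxy all arrive with the same public source address.
NAT_SITE = ["203.0.113.10"] * 30
# Constructed traffic: 30 clients that each have their own address.
DIRECT = [f"198.51.100.{i}" for i in range(1, 31)]

if __name__ == "__main__":
    cases = [
        ("no persistence, NAT site", Director(REAL_SERVERS), NAT_SITE),
        ("persistence, NAT site", Director(REAL_SERVERS, True), NAT_SITE),
        ("persistence, direct clients", Director(REAL_SERVERS, True), DIRECT),
        ("persistence /24 mask, direct clients",
         Director(REAL_SERVERS, True, "255.255.255.0"), DIRECT),
    ]
    for label, director, sources in cases:
        print(f"{label:38} {dict(distribution(director, sources))}")
```

In this model, widening the mask has the same effect on separately addressed clients that NAT has on the hosts behind the router: they share one persistence key and therefore one real server.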