Multimaster Replication Behind a Load Balancer

On Mon, 2006-12-04 at 14:39 -0600, Dave Augustus wrote:
> piranha = LVS I do believe- maybe some management scripts are different.
> I have been using LVS for 5 years now. It works great!

Piranha was the easiest thing for me to grab with YUM.  I tried looking
into the other packages out there and got worried about the amount of
documentation dedicated to 2.2 kernels.

> (Help me understand... I am not an iptables guru but I have done some to
> get done what I needed to)
> 
> your statements:
> -A PREROUTING -d <VIP> -p tcp -m tcp --dport 389 -j REDIRECT
> -A PREROUTING -d <VIP> -p tcp -m tcp --dport 636 -j REDIRECT

Small typo, insert "-t nat" at the beginning of both lines.

> 
> Does this mean?
> -you are assigning 2 IPs to your LDAP servers, one for loadbalancing
> and one for LDAP server
> -any traffic to the VIP is redirected to the IP that you have told LDAP
> server to use
> 
> Correct?
> 

In my scenario, the real servers are separate from the load balancer.
Only the load balancer is hosting the VIP.  

I borrowed this method from the "HOWTO.direct-routing" that came with
the Piranha docs.  A method that uses arptables was also documented, but
I didn't have much luck with it.

I've pasted what the HOWTO says about iptables below.

-Steve

Setting up the Real Servers, method #2: Use iptables to tell the real
servers to handle the packets.

How it works:
    We use an IP tables rule to create a transparent proxy so that a node
    will service packets sent to the virtual IP address(es), even though
    the virtual IP address does not exist on the system.

Advantages:
  * Simple to configure.
  * Avoids the LVS "ARP problem" entirely.  Because the virtual IP
    address(es) only exist on the active LVS director, there _is_ no ARP
    problem!

Disadvantages:
  * Performance.  There is overhead in forwarding/masquerading every
    packet.
  * Impossible to reuse ports.  For instance, it is not possible to run
    two separate Apache services bound to port 80, because both must
    bind to INADDR_ANY instead of the virtual IP addresses.

(1) BACK UP YOUR IPTABLES CONFIGURATION.

(2) On each real server, run the following for every VIP / port / protocol
    (TCP, UDP) combination intended to be serviced for that real server:

        iptables -t nat -A PREROUTING -p <tcp|udp> -d <vip> \
                --dport <port> -j REDIRECT

    This will cause the real servers to process packets destined for the
    VIP which they are handed.

        service iptables save
        chkconfig --level 2345 iptables on

    The second command will cause the system to reload the arptables
    configuration we just made on boot - before the network is started.
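
Step (2) of the HOWTO applied to the two LDAP ports from this thread, as an added example that is not part of the original message or the Piranha HOWTO. The VIP 192.0.2.10, the function names and the DRY_RUN switch are assumptions made for illustration; the rule is only appended when `iptables -C` reports it missing, so re-running does not stack duplicates.

```shell
#!/bin/sh
# Added example, not from the Piranha HOWTO. The VIP is a constructed
# documentation address; 389 and 636 are the LDAP ports from the thread.

err() { echo "$1" >&2; }

# Validate one VIP / protocol / port combination and print the rule spec.
# Rejecting anything but digits and dots keeps stray options out of the rule.
redirect_rule() {
    vip=$1; proto=$2; port=$3
    case $proto in tcp|udp) ;; *) err "bad protocol: $proto"; return 1 ;; esac
    case $port in ''|*[!0-9]*) err "bad port: $port"; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { err "bad port: $port"; return 1; }
    case $vip in ''|*[!0-9.]*|.*|*.|*..*) err "bad VIP: $vip"; return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $vip; IFS=$old_ifs
    [ $# -eq 4 ] || { err "bad VIP: $vip"; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { err "bad VIP: $vip"; return 1; }
    done
    echo "PREROUTING -p $proto -d $vip --dport $port -j REDIRECT"
}

# Append the rule to the nat table only if it is not already there.
# DRY_RUN defaults to 1: the commands are printed, nothing is changed.
apply_redirect() {
    rule=$(redirect_rule "$@") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat -C $rule || iptables -t nat -A $rule"
    else
        # $rule is left unquoted on purpose so it splits into arguments.
        iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule
    fi
}

VIP=192.0.2.10   # constructed value, replace with the director's VIP
for ldap_port in 389 636; do
    apply_redirect "$VIP" tcp "$ldap_port"
done
```

Run it with DRY_RUN=0 as root on each real server to apply the rules, then save them as the HOWTO describes.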



