I don't see how you can keep all TCP/IP aspects of this in sync when mirroring all packets to 2 servers. I'm sure packet numbers would very quickly start getting out of sync causing one of the machines to drop the packets. And what happens if there's a dropped packet to one of the servers? Assuming we're talking about a machine Y (in front of machines A, B and C) that does all this iptables stuff. Why not set it up as a proxy server? Servers A, B and C have normal MAC's and IP's (non-publicif you want). Server Y has a public IP. All client connections come in on Y and then Y makes it's own requests to A and B (using seperate TCP connections) and sends the quickest response back to the client, ignoring the slower response (if it ever comes). This proxy could even do a little caching where possible. Google a little and you'll find real life examples for such setups. - ----- Original Message ----- From: "Daniel Chemko" <dchemko@xxxxxxxxxx> To: "Jonathan Day" <imipak@xxxxxxxxx>; <lartc@xxxxxxxxxxxxxxx> Sent: Monday, February 23, 2004 9:56 PM Subject: RE: Non-traditional Failover Query This seems like a band-aid front end solution to a back-end Session tracking problem unless I am miss-reading your request. > 1) Any given process is running on TWO machines at the > same time. If a process or machine fails, then a new > backup is started on the third machine. There is thus > a rotation around the nodes. Linux Heartbeat > 2) Packets destined for any of the machines should be > received by ALL of the machines. IPT#1 I am not sure if there's already an iptables module that does this, but you can expect something like that to go into there, since that's where most really out there networking stuff goes (connection tracking is a different problem) > 3) If the primary process is on A, then replies from B > and C should still be generated, but be transparently > dropped. Likewise, if the primary process is on B or > C. IPT #2 This again would have to be a very elaborate iptables module that also interacts with a userspace app which keeps track of which backend process is really alive, and which ones are just spinning. > Uhhh... because this approach is seriously abusing the > entire networking stack. We essentially have all three > machines running with an identical MAC and IP address > visible to the outside. The "distinct" address is > purely internal. Iptables -j SNAT --help > What this requires is a way of tricking all three > machines into believing that they are the sole > recipients. This keeps the stacks in a uniform state, > which means we can fail-over the connections without > having to either checkpoint or copy stateful > information, both of which get ugly when you start > talking about lots of information. The iptables module described at IPT #1 > This leads to the second network-related problem. If > you have two identical machines starting from > identical states, and processing identical streams, > then they should end up in identical states - ie: > crashed. This can't be guaranteed, but you would hope that two identical machines doing exactly the same thing would be more or less the same, but it also depends on external hosts servicing the two machines identically and within a reasonable time differential. > This is easily fixed. If A is the machine you are > starting all the processes on, and B is your "mirror", > then C needs to take up the excess load. > > In other words, A+C is a cluster, and B+C is a second > cluster. Processes migrated to C from A or B aren't > mirrored. (This is akin to RAID 5's partial backup.) You kind of lost me here. > B) From the HA perspective, there is one primary > machine, one mirror machine and one spare You are trying to mix two HA paradigms together, Hot and Cold Standby. I doubt this is possible with most current HA software, but prove me wrong. I'd like to know! > C) From the load-balance perspective, there are two > overlapping clusters. This isn't quite true since the load-balancer does not split the load, it just discriminates as to who's response is relevant. (PS: When the primary goes belly up, how do you plan on doing a takeover AFTER the secondary has sent out packets that are effectively dropped? It seems that TCP retries would all be sent and dropped and the session would timeout) Having two simultaneously servicing events seems a waste. I would say that statefull hot-standby is you're best bet. Make it a 3 way hot standby if the HA software supports it. This of course means that the server software you're using to has to be HA aware. > Using Linux' advanced networking, BPF and netfilter > layers, connection mirroring for HA/load-balancing > purposes should be straight-forward. Much more so than > using the "wedge" concept proposed by MIT. Because you > need send nothing more than flags between the > machines, it should also be less expensive on the LAN > and processor. Trust me, THIS IS NOT EASY! _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/