Hi Henrik,

We also use LVS + Squid setup. But what I want to know is, if we have only two squid for reverse proxy, can we set up only heartbeat for HA? (I mean don't use LVS).

Thanks again.

Henrik Nordstrom wrote:
> On tor, 2008-08-28 at 16:16 -0800, Chris Robertson wrote:
>
>> Consider me interested. I've had a bit of experience with heartbeat and
>> Zen (that was a fun learning project) and am looking to turn my visible
>> pool of servers into a single front end. What causes you to qualify
>> your statement about how well it works?
>
>
> For Squid you don't want heartbeat to stop/start Squid, let Squid run
> all the time on each node.
>
> What you want is a redundant load balancer in front of your Squids. Linux
> LVS is a fine load balancer engine, and ldirectord is a fine load
> balancer manager & monitor on top of LVS (monitors the load balanced
> servers, making sure traffic only gets forwarded to healthy ones.)
>
> heartbeat is a fine failover solution, and a ldirectord based load
> balancer is very easy to set up managed by heartbeat (ldirectord is part
> of the heartbeat package btw..)
>
> You can also run Squid on the load balancer nodes if you like, even
> if some prefer having the load balancer separate. But if you need
> iptables conntrack/nat on the proxies then it's best not to mix the two
> on the same box... (LVS and iptables conntrack does not mix that well..
> possible but you'll need quite a bunch of special NOTRACK exception
> rules in iptables raw table)
>
> For efficiency and scalability reasons you want to run LVS in direct
> routing mode, which means that each node (all of them, load balancer and
> proxies) will have the service address configured, and this is routed
> via a heartbeat managed IP.
>
>
> clients -> Router -> Internet
>               |
>               v
>      heartbeat managed IP
> Service IP with ldirectord/LVS balancer
>          / / || \\
> Proxy nodes each with the service IP
>
> All connected on a shared switch with direct connection to the router.
>
> To reduce confusion about the location of the service IP it may be
> configured as an alias on loopback. There exists no physical network
> with the service IP network..
>
> The setup gets a bit simpler if you use NAT forwarding. But the traffic
> overhead on the load balancer is then more noticeable as it has to
> process all browser traffic, not just the request packets.. and in
> addition LVS NAT and transparent interception is a bad mix in case you
> need transparent interception of port 80...
>
> Regards
> Henrik
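
The direct-routing layout described in the quoted message, as an added example that is not from the thread or its participants: a shell function that writes the balancer's `ldirectord.cf` and `haresources` plus the loopback setup for each proxy node. The addresses, node name `lb1`, interface `eth0`, `/24` prefix, check timings and output file names are constructed assumptions, and the ARP sysctls are the usual companion to a loopback service IP in LVS direct routing rather than something stated in the thread.

```shell
#!/bin/sh
# Added example: all addresses, the node name, the interface and the /24
# prefix are constructed placeholders, not values from the thread.
# usage: render_lvs_dr OUTDIR VIP PORT PRIMARY_NODE IFACE REAL_IP...
render_lvs_dr() {
    [ "$#" -ge 6 ] || { echo "need OUTDIR VIP PORT NODE IFACE REAL_IP..." >&2; return 1; }
    outdir=$1 vip=$2 port=$3 node=$4 iface=$5
    shift 5
    mkdir -p "$outdir" || return 1

    # Balancer nodes, ldirectord.cf: "gate" selects LVS direct routing, so
    # the balancer only sees request packets and proxies reply directly.
    {
        echo "checktimeout=10"
        echo "checkinterval=5"
        echo "quiescent=no"    # remove a failed proxy from the LVS table
        echo "virtual=$vip:$port"
        for real in "$@"; do
            printf '\treal=%s:%s gate\n' "$real" "$port"
        done
        printf '\tprotocol=tcp\n\tscheduler=wlc\n\tchecktype=connect\n'
    } > "$outdir/ldirectord.cf"

    # Balancer nodes, haresources: heartbeat fails over the service IP and
    # ldirectord as a pair. Squid is not listed, so it is never stopped.
    echo "$node IPaddr2::$vip/24/$iface ldirectord::ldirectord.cf" \
        > "$outdir/haresources"

    # Proxy nodes: service IP as a /32 on loopback, with ARP for it
    # suppressed so that only the active balancer answers for that address.
    cat > "$outdir/proxy-node.sh" <<EOF
ip addr add $vip/32 dev lo
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
EOF
}

# Run as a script with arguments, e.g.:
#   sh lvs-dr.sh ./out 192.0.2.10 80 lb1 eth0 192.0.2.11 192.0.2.12
if [ "$#" -ge 6 ]; then render_lvs_dr "$@"; fi
```

Review the generated files before copying them into place; `proxy-node.sh` changes live network state and needs root on each proxy.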