[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 03 June 2002 12:30 pm, Theo Zourzouvillys wrote:
Failing that i can't get it working here, we need to get another one (one for internal, one for external) - and they're not cheap at 25k a pop!
ok, so i gave in. and did somethign even more funky - putting cisco/arpt to shame ;) and it was just too easy. two linux boxes, set as a gateway one ar primary gateway, one as secondary (on the webservers). a simple perl daemon that monitors the servers continuously, via connecting to the webserver itself and checking it gets a HTTP 200 OK back, if it doesn't respond within 5 seconds, i use my IPTables perl module (http://theo.me.uk/pages.shtml?page=IPTables) to add or remove the server, which is a standard DNAT rule balanced over all the servers. the only problem with this is i can't weigh servers depending on their response time (the arrowpoints use ACA, or "Arrowpoint Content Aware) to work out how many conenctions each one currently has, as well as how fast they are building up and bashing down fglows to see which servers should deal with the next flow. So what i'm thinking of doing now is writting an iptables extension that talks to a userspace daemon (that monitors the services) to set wieghts, then balance acordingly. Hmm. the only question i have though... to do that and make the linux boxes themself truly load balanced, i'd have to share the conntrack hash bucket over both servers, which would be daunting to say the least - it sure ain't possible right now, but might not be too hard to implement in a module, possibly talkign via a serial cable? has anyone had any experiance with load balancing NAT and stateful flows through linux boxes? Yes, i know lvs does this sort of stuff in a way - but lvs doesn't do it properly either, it uses a promary and secondard sorry server methology, which isn't waht i need - i need both boxes to be constantly active to handle the traffic. any thoughts, comments to my madness would be appreciated. ~ Theo, who is gonna be up for the day now. - -- Theo Zourzouvillys http://zozo.org.uk/ Chess tonight. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9DEZM448CrwpTn6YRAp7RAJ9SgVU2mMCXENdVouutLLv/QFwL0wCg7t3y lczrekDXxiULVb68QV/Iarg= =VA6f -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.