LVS + Squid + scheduling = Confused; still.
J.D.F.Palmer at Swansea.ac.uk
Wed May 8 15:09:56 BST 2002
I have sorted it by using persistence, couldn't get any of the dedicated
squid schedulers to work properly. I'm currentlt running wlc, and 360s
persistance. Seems to be holding up really well. Still watching it with
eagle eyes though.
The reason https is sent to the squids is because it's much easier to send
all browser traffic to the squids and then let them handle it.
Internet Systems Officer.
Library and Information Services
University of Wales, Swansea
Tel 01792 513260
> -----Original Message-----
> From: Harry Yen [mailto:hyen1 at yahoo.com]
> Sent: 16 April 2002 21:48
> To: lvs-users at LinuxVirtualServer.org
> Subject: RE: LVS + Squid + scheduling = Confused; still.
> What is the purpose of using LVS with Squid to a https site?
> HTTPs based material typically is not cachable.
> I don't understand why you need Squid at all.
> Once a request reaches a Squid and incurs a cache miss, the forwarded
> request will have Squid IP as the source address. So you need to find a
> way to make sure all connections from the same client IP to go to the
> same Squid farm. Then when they incur cache misses, they will wind up
> via LVS persistency to the same real sever.
> > -----Original Message-----
> > From: lvs-users-admin at LinuxVirtualServer.org [mailto:lvs-users-
> > admin at LinuxVirtualServer.org] On Behalf Of Palmer J.D.F.
> > Sent: Tuesday, April 16, 2002 2:58 AM
> > To: 'lvs-users at LinuxVirtualServer.org'
> > Subject: LVS + Squid + scheduling = Confused; still.
> > Hi all,
> > Some time back I posted regarding problems I was seeing with accessing
> > https
> > sites, online banking etc, via my squid LVS. Unfortunately these
> > haven't gone away.
> > This problem has been documented in the LVS how-to, but the suggested
> > solutions don't seem to work, or work as I'd expect them to.
> > I have since tried to use lblc & lblcr, both of these load balance but
> > don't
> > cure the problem unless I set persistence, or should I be doing that?
> > While dh scheduling just refuses to work full stop, ipvsadm says it's
> > running but no requests get forwarded to the realservers.
> > Now I'm under the impression that I am probably doing something wrong
> > here,
> > I just don't know what, am I setting weights & persistence correctly,
> > there anything I'm missing?
> > The only way I seemed to be able to get this to work (IE access the
> > site) is to set a persistence, I have used 360 seconds, and I am
> > using lblc scheduling.
> > I have just put the LVS live for a while to see how it fairs with a
> > university full of people trying to access it instead of just me and a
> > colleagues, and am waiting fro the phone to start ringing.
> > The current output of ipvsadm is this... I am a tad concerned at the
> > apparent lack of load balancing, can someone please explain this to
> > TCP wwwcache-vip.swan.ac.uk:squi lblc persistent 360
> > -> squidfarm1.swan.ac.uk:squid Route 1 202 1045
> > -> squidfarm2.swan.ac.uk:squid Route 1 14 8
> > ______________
> > Below is the extract from the how-to describing the initial problem.
> > http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-7.html
> > '...The usual problem with squids not using a cache friendly scheduler
> > that fetches are slow. In this case the website is sending hits to
> > different RIPs. Some websites detect this and won't even serve you the
> > pages.
> > Palmer J.D.F. J.D.F.Palmer at Swansea.ac.uk 18 Mar 2002
> > I tried an online banking site www.hsbc.co.uk. It seems that this site
> > undoubtedly many other secure sites don't like to see connections
> > across several IP addresses as happens with my cluster. Different
> parts of
> > the pages are requested by different realservers, and hence different
> > addresses.
> > It gives an error saying... "...For your security, we have
> > you
> > from internet banking due to a period of inactivity..."
> > I have had caching issues with HSBC before, they seem to be a bit more
> > stringent than other sites. If I send the requests through one of the
> > squids
> > on it's own it works fine, so I can only assume it's because it is
> > fragmented requests, maybe there is a keepalive component that is
> > requested.
> > How do I combat this? Is this what persistence does or is there a way
> > making the realservers appear to all have the same IP address?
> > Joe
> > change -rr (or whatever you're running) to -dh.
> > Lars
> > Use a different scheduler, like lblc or lblcr...'
> > Many thanks,
> > Jezz Palmer.
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> > Send requests to lvs-users-request at LinuxVirtualServer.org
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
More information about the lvs-users