Using LVS to replace Netscaler Load Balancer
Bill Omer
bill.omer at gmail.com
Wed Jan 17 00:47:31 GMT 2007
Netscalers actually change the DEST of packets coming in. It will
redirect traffic to the real server and all further connections will
go straight to the real.

In my configuration on an extremely large network, I'm using LVS to
load balance web and app servers. The reals have default routes to
actual routers, not the DIP. The LVS servers use LVS-DR to send
traffic to the reals. Packets will come in to the VIP, which will
route them (without changing the DEST) to the real, and the real will
reply to the client.

To do this, you will need some iptables magic in order for the real
server to accept traffic with a DEST of the VIP. Since the VIP is not
assigned to the real server, by default it would drop the packet.

Using this method along with heartbeat is by far more beneficial (both
technically and financially speaking) to our operation compared to
Netscalers. It's been in production now for about 6 months with
hundreds of thousands of connections being handled on a global scale
and the LVS presence is drastically increasing this year.

Hope this helps.

-Bill

On 1/16/07, Philip M <disordr at gmail.com> wrote:
> Dear LVS-Users,
>
> I work at a fairly large company with a somewhat complex network that uses
> Netscaler server load balancers.
> I'm just a linux monkey, but I'm evaluating using LVS as a replacement for
> the expensive Netscalers.
> I have set up a basic test LVS-DR and LVS-NAT network and it's working fine.
> (thanks for all the excellent documentation!)
>
> This is my problem:
>
> The network is set up in such a way, that the RIP's default gateways all
> point to a router (not the netscaler load balancer).
> After talking with some colleagues, I've come to realize that the
> Netscaler's NAT implementation is doing something different.
> They are essentially proxying the TCP connection, rewriting both the
> Destination and the Source before sending the packet
> off to the RIP. The RIP's reply goes through the default gateway (some
> random router) back to the Netscaler, which replies to the CIP.
> I've been going over the documentation and the mailing lists and am a bit
> unclear if I can use LVS to do this.
>
> One post regarding "ipvs and source nat" talks about the brownfield patch
> and lvs_nat_problems.
> Will these solve my problem? I'm not an iptables expert, but I plan on
> testing this out and seeing if I can get it all to work.
>
> Details of my DIP:
> Linux 2.6.18 kernel
> $ipvsadm -v --> ipvsadm v1.24 2005/12/10 (compiled with getopt_long and
> IPVS v1.2.1)
> ( does this include the brownfield patch natively that Horms was working on?
> )
>
> Any advice or additional pointers you have would be well received.
>
> Thank you for your time,
>
> Philip
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
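
The setup described in the reply above (LVS-DR on the director, plus an iptables rule on each real so it accepts packets addressed to the VIP), as an added example that is not part of the original thread. The reply does not give the rule itself; the nat REDIRECT form, the wlc scheduler, the function names and all addresses below are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the LVS-DR director rules and the
# realserver iptables rule. Addresses are constructed (RFC 5737 range).
VIP=${VIP:-192.0.2.10}
PORT=${PORT:-80}
REALS=${REALS:-"192.0.2.21 192.0.2.22"}

# Accept only dotted-quad IPv4 so nothing else ends up on a root command line.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1.; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        count=$((count + 1))
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Director: one virtual service on the VIP. -g selects direct routing
# (LVS-DR), so the destination address is not rewritten. The wlc scheduler
# is an assumption; the thread does not name one.
director_rules() {   # usage: director_rules VIP PORT RIP...
    vip=$1; port=$2; shift 2
    is_ipv4 "$vip" && is_port "$port" || return 1
    for rip in "$@"; do is_ipv4 "$rip" || return 1; done
    echo "ipvsadm -A -t $vip:$port -s wlc"
    for rip in "$@"; do echo "ipvsadm -a -t $vip:$port -r $rip:$port -g"; done
}

# Realserver: the VIP is not assigned locally, so hand only VIP:PORT/tcp to
# the local stack. Connection tracking puts the VIP back as the source of the
# reply, which leaves via the real's own default route.
realserver_rule() {  # usage: realserver_rule VIP PORT
    is_ipv4 "$1" && is_port "$2" || return 1
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport $2 -j REDIRECT"
}

# Print the plan; review it, then run each line as root on the matching host.
echo "# on the director"
director_rules "$VIP" "$PORT" $REALS
echo "# on each realserver"
realserver_rule "$VIP" "$PORT"
```

Scoping the rule to the VIP, protocol and port keeps the real from accepting any other traffic that is not addressed to it.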