[lvs-users] multi-port persistence for http/https - unclear documentation

David Coulson david at davidcoulson.net
Sun Nov 25 14:20:28 GMT 2012


Your 250/251 configs are essentially equivalent. The only difference is ldirectord is checking a different port for availability. In dr/gate mode, ipvs doesn't modify the port number at all. Your example with port zero would also work, except the ldirectord health checks would fail. You would either need to set a checkport directive, or change the port for each real server to something checkable. 

As I said last time, in dr/gate mode ipvs doesn't care about the port in the real server, as all it modifies is the dst MAC address in the Ethernet frame and does not touch the IP packet at all (including TCP headers).

Sent from my iPad

On Nov 25, 2012, at 6:52 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:

> On 11/25/2012 03:12 AM, David Coulson wrote:
>> 
>> If you use gateway/DR mode, it will not rewrite the IP packet (just
>> the Ethernet headers to send it to the real server). So it will go
>> the same port (as well as destination IP) as the original packet.
>> 
>> Did you actually try the config and have a problem, or are you just
>> assuming it won't work?
> 
> Hi,
> 
> with my current setup, I'm pretty sure port :80 may get directed to one realserver, while port :443 may be directed to a different one.
> 
> I use marking in iptables, since some directors may be realservers, too.
> My ldirectord config is as follows (251 and 2510 - marks made with iptables):
> 
> virtual = 251
>     protocol = fwm
>     scheduler = wlc
>     persistent = 300
>     real = server1:80 gate 20
>     real = server2:80 gate 20
>     real = server3:80 gate 20
>     real = server4:80 gate 20
>     virtualhost = example.com
>     request = "/ping/"
>     receive = "ALIVE"
>     service = http
> 
> virtual = 2510
>     protocol = fwm
>     scheduler = wlc
>     persistent = 300
>     real = server1:443 gate 20
>     real = server2:443 gate 20
>     real = server3:443 gate 20
>     real = server4:443 gate 20
>     virtualhost = example.com
>     request = "/ping/"
>     receive = "ALIVE"
>     service = https
> 
> 
> Am I correct to think that to use multi-port persistence, I'd have to use just one iptables mark, and the following ldirectord config:
> 
> virtual = $NEW_MARK
>     protocol = fwm
>     scheduler = wlc
>     persistent = 300
>     real = server1:0 gate 20
>     real = server2:0 gate 20
>     real = server3:0 gate 20
>     real = server4:0 gate 20
>     virtualhost = example.com
>     request = "/ping/"
>     receive = "ALIVE"
>     service = https
> 
> 
> (basically, one mark in iptables, and :0 as a port in ldirectord config).
> 
> Let me know if that would be correct?
> 
> 
> -- 
> Tomasz Chmielewski
> http://blog.wpkg.org
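
An added example, not part of the original thread and not ldirectord's own code: a small Python check that parses ldirectord-style virtual blocks and reports those whose real servers use port 0 with no checkport directive, the case the reply above says leaves the health checks failing. The function names and the mark value 252 are assumptions made for illustration.

```python
# Constructed sample: the single-mark, port-0 layout asked about in the thread.
# The mark value 252 is a placeholder, not a value from the thread.
SAMPLE = """\
virtual = 252
    protocol = fwm
    scheduler = wlc
    persistent = 300
    real = server1:0 gate 20
    real = server2:0 gate 20
    service = https
"""

def parse_virtuals(text):
    """Return one dict per 'virtual =' block: its real servers and other options."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not raw[0].isspace():
            # Unindented line: either starts a virtual block or is a global option.
            current = None
            if key == "virtual":
                current = {"virtual": value, "real": [], "opts": {}}
                blocks.append(current)
        elif current is not None:
            if key == "real":
                addr = value.split()[0]
                host, sep, port = addr.rpartition(":")
                current["real"].append((host, int(port)) if sep else (addr, None))
            else:
                current["opts"][key] = value
    return blocks

def uncheckable_virtuals(text):
    """List (virtual, hosts) where reals use port 0 and no checkport is set."""
    findings = []
    for block in parse_virtuals(text):
        zero = [host for host, port in block["real"] if port == 0]
        if zero and "checkport" not in block["opts"]:
            findings.append((block["virtual"], zero))
    return findings

if __name__ == "__main__":
    for virtual, hosts in uncheckable_virtuals(SAMPLE):
        print(f"virtual {virtual}: port 0 on {', '.join(hosts)} and no checkport")
```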



