[lvs-users] ldirectord question

Anders Henke anders.henke at 1und1.de
Mon Jun 23 11:37:13 BST 2014


By using connection synchronization (ipvsadm --start-daemon), you can do the very same for a loadbalancer like what firewalls do for moving TCP states between failover pairs: your "active" loadbalancer does periodically send a list of currently known connections to your backup loadbalancer, who in order creates corresponding state entries.

If the primary loadbalancer fails and your backup loadbalancer kicks in, it's aware of almost all states known at the failed loadbalancer. The backup loadbalancer may continue where the broken loadbalancer did leave off.

However, this doesn't help with your original question: if the actual endpoint of your tcp connection dies (your realserver), there's nothing else then trying to re-establish a new connection.




Best,
Anders


On 20.06.2014, Ilo Lorusso wrote:
> Thanks for the feedback,
> 
> Once we have scheduled new connections to the new real server and we have this existing connection  using quiescence ,
> 
> Why can't we move that existing connection to another real server ?
> 
> I know firewalls can move existing connections and TCP states between failover pairs 
> 
> -----Original Message-----
> From: lvs-users-bounces at linuxvirtualserver.org [mailto:lvs-users-bounces at linuxvirtualserver.org] On Behalf Of Simon Horman
> Sent: Friday, June 20, 2014 3:07 AM
> To: Aaron West
> Cc: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] ldirectord question
> 
> Hi,
> 
> On Thu, Jun 19, 2014 at 06:20:02PM +0100, Aaron West wrote:
> > Hi Ilo,
> > 
> > To my knowledge a real server failing a health check done by an agent 
> > such as ldirectord/keepalived is pulled from the LVS table.
> > 
> > This will break any established connections to this server. A new 
> > connection should then start on a remaining live server on the next 
> > click/refresh for something like a web application or next connection 
> > retry for something else.
> 
> It is possible, though not necessarily desirable, to avoid breaking existing connections by using quiescence. On the LVS side this is implemented by setting a server weight to zero, which allows existing connections to continue but prevents new connections from being "scheduled".
> 
> This is exposed in ldirectord as a quiescence setting by which it sets the weight of a real-server to zero rather than removing it in the case where its health check fails.
> 
> I am not familiar with keepalived but I suspect it has a similar feature.
> 
> > How this affects your app/users depends on your application design, 
> > mostly HTTP sessions would be fine while things like RDP/SSH/HTTPS 
> > would require you to reconnect/re-authenticate.
> > 
> > Regards
> > 
> > Aaron West
> > 
> > 
> > On 19 June 2014 16:42, Ilo Lorusso <IloL at bankservafrica.com> wrote:
> > 
> > > Hi ,
> > >
> > >
> > > I have a general question of how ldirectord works, I have setup my 
> > > virtual service and real servers
> > >
> > > I have an active connection and traffic is flowing through to the 
> > > real server perfectly as shown below
> > >
> > >
> > > I want to know is it possible to move an established connection 
> > > between the real servers without resetting or reestablishing the TCP connection ?
> > >
> > > [root at lbmaster ~]# ipvsadm -Ln
> > > IP Virtual Server version 1.2.1 (size=32768) Prot LocalAddress:Port 
> > > Scheduler Flags
> > >   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> > > TCP  172.16.162.190:40054 wlc persistent 300
> > >   -> 172.16.162.199:40054         Masq    100    1          0
> > >   -> 172.16.162.200:40054         Masq    99     0          0
> > >
> > > BankservAfrica is a BBBEE level 4 procurement contributor
> > >
> > > This e-mail and its attachments, if any, are subject to 
> > > BankservAfrica's e-mail disclaimer which is available on 
> > > http://www.bankservafrica.com/Contactus/EmailDisclaimer.aspx
> > >
> > > Please consider the environment before printing this e-mail!
> > > _______________________________________________
> > > Please read the documentation before posting - it's available at:
> > > http://www.linuxvirtualserver.org/
> > >
> > > LinuxVirtualServer.org mailing list - 
> > > lvs-users at LinuxVirtualServer.org Send requests to 
> > > lvs-users-request at LinuxVirtualServer.org
> > > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > >
> > _______________________________________________
> > Please read the documentation before posting - it's available at:
> > http://www.linuxvirtualserver.org/
> > 
> > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org 
> > Send requests to lvs-users-request at LinuxVirtualServer.org
> > or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> > 
> 
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> 
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
> 
> BankservAfrica is a BBBEE level 4 procurement contributor
> 
> This e-mail and its attachments, if any, are subject to BankservAfrica's e-mail disclaimer which is available on 
> http://www.bankservafrica.com/Contactus/EmailDisclaimer.aspx 
> 
> Please consider the environment before printing this e-mail!



> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> 
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

-- 
1&1 Internet AG              Expert Systems Architect (IT Operations)
Brauerstrasse 50             v://49.721.91374.0
D-76135 Karlsruhe            f://49.721.91374.225

Amtsgericht Montabaur HRB 6484
Vorstand: Ralph Dommermuth, Frank Einhellinger, Robert Hoffmann, 
Andreas Hofmann, Markus Huhn, Hans-Henning Kettler, Uwe Lamnek, 
Jan Oetjen, Christian Würst
Aufsichtsratsvorsitzender: Michael Scheeren



More information about the lvs-users mailing list