[TriLUG] Building a load balanced web cluster
Tue, 18 Sep 2001 00:44:42 -0400
I just finished building my second load balanced web-cluster using the LVS
project. This stuff works great and is extremely impressive!
For the price of a decent machine, anyone can now have built-in redundancy
and load-balancing for any of their common services: web, mail, ftp, etc...
I used VA Linux 6.2.4 as the server setup (with a 2.2.18 kernel). It comes
ready to roll with the LVS.
# === Notes on VS cluster setup ===
# these are the commands used to setup the virtual server for QA:
# First the ipchains rules:
ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
# 1) set the policy to deny any forwarding,
# 2) allow forwarding traffic to the external interface
# (eth0 in this case) and masquerade the traffic,
# 3) turn on ip packet forwarding in the kernel.
# load any VS modules you will need
# Now for the VS commands:
ipvsadm -A -t 188.8.131.52:80 -s rr
ipvsadm -a -t 184.108.40.206:80 -r 10.1.71.14 -m
ipvsadm -a -t 220.127.116.11:80 -r 10.1.71.10 -m
# 1) create the entry in the table to forward (ip address and port)
# 18.104.22.168 port 80, forward using "round robin"
# 2) and 3) add two internal machines to forward to.
# Test the install by listing rule set:
# IP Virtual Server version 1.0.2 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
# -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# TCP 22.214.171.124:80 rr
# -> 10.1.71.10:80 Masq 1 0 0
# -> 10.1.71.14:80 Masq 1 0 0
# Prepare the two internal machines by changing their gateway settings.
# The director of the cluster (the machine with the external ip address
# of 126.96.36.199) has the internal ip address of 10.1.1.23.
# Set the two internal machines to use this server as their gateway.
# gateway = 10.1.1.23
=== end of notes ===
Now any web calls to 188.8.131.52 (this is only an example -- not a real
address) will be forwarded internally to my DMZ and handed off to one of two
machines. I can easily add a machine:
ipvsadm -a -t 184.108.40.206:80 -r New.Machine -m
or remove machines from the cluster:
ipvsadm -d -t 220.127.116.11:80 -r 10.1.71.14 -m
If I use this in conjunction with Netsaint, I can automagically remove a
failing machine from my cluster, and send out an alarm. Later, I can add it
right back in.
HtH - Jon