The Greased Turkey Document [1]
or
How to set up a load-sharing server
Release History: 0.01alpha - Rob Thomas - rob@rpi.net.au
[Bootstrap of the documentation]
This document was written with [homepage link] ippvs version 0.5
and Linux Kernel [kernel.org link] 2.0.35 in mind.
1: Overview
This document covers the basics of what ippvs does, how it
works, and how to set it up. I expect it to expand to cover a
decent man(8) page, and a FAQ.
2: What does it do?
ippvs is a kernel modification that offers NAT-style load
sharing for multiple virtual servers. What we mean by this is
that you have one 'listening' machine that transparently (and
incredibly quickly) redirects clients' connection requests to other
machines. The advantage of doing this is that it allows you to
have huge arrays of redundant and load-sharing servers.
A good example of this (and the example that we will be following
through this entire document) is the setting up of a cluster of
load-sharing proxy servers, at a very, very, low cost-per-tps
rate. It's also perfectly suited to serving normal web traffic,
or almost anything that can be served over TCP or UDP. The only
caveat is that it will NOT work with ftp services, because ftp
services are too smart for their own good. [quick overview of how
ftpd tells the client which ip and port to connect to, and how
that will break the NAT]
3: How does it work?
In this document, as mentioned above, we will be going through
how to set up an array of proxy servers, that appear to the
clients as one physical machine. The first thing you should
realise is how the machines should be wired together. [2]
                                  [ --- HUB --- ]
[proxy server 1]<-eth0------------+ | | | | | | +--------eth0->[proxy server 4]
[proxy server 2]<-eth0--------------+ | | | | +----------eth0->[proxy server 5]
[proxy server 3]<-eth0----------------+ | | +------------eth0->[proxy server 6]
                                        | |
                                        | |
                                        | +--eth1->[ippvs server 0]<-eth0-------...local network...
                                        +----eth1->[ippvs server 1]<-eth0-------...local network...
ippvs server 0:
    eth0:    203.1.1.2    [Machine's IP address]
    eth0:0   203.1.1.10   [Permanent load-sharing IP address]
    eth0:1   203.1.1.11   [Only up if ippvs1 dies - usually DOWN]
    eth1:    10.1.1.254   [Private LAN IP address - non routeable, as only the proxy servers see it]
    eth1:0   10.1.1.253   [Only up if ippvs1 dies - usually DOWN]
ippvs server 1:
    eth0:    203.1.1.3    [Machine's IP address]
    eth0:0   203.1.1.11   [Permanent load-sharing IP address]
    eth0:1   203.1.1.10   [Only up if ippvs0 dies - usually DOWN]
    eth1:    10.1.1.253   [Private LAN IP address - non routeable, as only the proxy servers see it]
    eth1:0   10.1.1.254   [Only up if ippvs0 dies - usually DOWN]
proxy server 1: eth0: 10.1.1.1   default route to 10.1.1.254
proxy server 2: eth0: 10.1.1.2   default route to 10.1.1.254
proxy server 3: eth0: 10.1.1.3   default route to 10.1.1.254
proxy server 4: eth0: 10.1.1.4   default route to 10.1.1.253
proxy server 5: eth0: 10.1.1.5   default route to 10.1.1.253
proxy server 6: eth0: 10.1.1.6   default route to 10.1.1.253
This looks a bit complex, but if you're not interested in setting
up a fault-tolerant network you don't need the second ippvs
server, or to have half the servers talking to one machine, and
the other half talking to the other machine.
On ippvs0:
    ipfwadm -F -a m -S 10.1.1.0/24 -D 0.0.0.0/0   - Masquerade traffic from the private LAN
        (?? No description of '-a m' in man ipfwadm?)
    ippfvsadm -A -t 203.1.1.10:8080 -R 10.1.1.1:8080   - Redirect _T_CP connections to 203.1.1.10:8080 to 10.1.1.1:8080
    ippfvsadm -A -t 203.1.1.10:8080 -R 10.1.1.2:8080   - and 10.1.1.2:8080
    ippfvsadm -A -t 203.1.1.10:8080 -R 10.1.1.3:8080   - and 10.1.1.3:8080
On ippvs1:
    ipfwadm -F -a m -S 10.1.1.0/24 -D 0.0.0.0/0   - Masquerade traffic from the private LAN
        (?? No description of '-a m' in man ipfwadm?)
    ippfvsadm -A -t 203.1.1.11:8080 -R 10.1.1.4:8080   - Redirect _T_CP connections to 203.1.1.11:8080 to 10.1.1.4:8080
    ippfvsadm -A -t 203.1.1.11:8080 -R 10.1.1.5:8080   - and 10.1.1.5:8080
    ippfvsadm -A -t 203.1.1.11:8080 -R 10.1.1.6:8080   - and 10.1.1.6:8080
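With NAT-style redirection a proxy server's replies must go back through the ippvs machine that rewrote the request, so every -R target has to be a machine whose default route is a private address that ippvs machine currently holds. The script below is an added example, not part of the original document or of ippvs: it prints (never runs) the ippfvsadm lines for a director and lints a hand-written target. The REAL_SERVERS table is constructed from the address plan above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed from the address plan above: "real-server-IP default-route".
REAL_SERVERS='10.1.1.1 10.1.1.254
10.1.1.2 10.1.1.254
10.1.1.3 10.1.1.254
10.1.1.4 10.1.1.253
10.1.1.5 10.1.1.253
10.1.1.6 10.1.1.253'

# routes_via HELD_ADDRS REAL_IP
# Succeeds if REAL_IP's default route is one of the private addresses this
# director currently holds (space-separated list), i.e. its replies come
# back through the machine that redirected the request.
routes_via() {
    gw=$(printf '%s\n' "$REAL_SERVERS" | awk -v ip="$2" '$1 == ip { print $2 }')
    [ -n "$gw" ] || return 1          # unknown real server: reject
    case " $1 " in
        *" $gw "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# emit_rules HELD_ADDRS VIRTUAL_IP:PORT REAL_PORT
# Prints one rule per real server that routes its replies via this director.
emit_rules() {
    printf '%s\n' "$REAL_SERVERS" | while read -r ip _gw; do
        if routes_via "$1" "$ip"; then
            echo "ippfvsadm -A -t $2 -R $ip:$3"
        fi
    done
}

# check_rule HELD_ADDRS REAL_IP:PORT  - lint one hand-written -R target
check_rule() {
    if routes_via "$1" "${2%%:*}"; then
        echo "ok"
    else
        echo "MISMATCH: ${2%%:*} does not route replies via $1"
    fi
}

# ippvs0 in normal operation, ippvs0 after taking over 10.1.1.253 from a
# dead ippvs1, and a rule on ippvs1 that points at a server behind ippvs0.
emit_rules "10.1.1.254" 203.1.1.10:8080 8080
emit_rules "10.1.1.254 10.1.1.253" 203.1.1.11:8080 8080
check_rule "10.1.1.253" 10.1.1.1:8080
```

After a failover the surviving ippvs machine holds both private addresses, so all six proxy servers become valid targets for either load-sharing address.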