[Linux-HA] Checking multiple ports for one service?

Neil Katin linuxha at askneil.com
Sun Oct 25 21:23:28 MDT 2009 

I believe if you want them to be jointly persistent you have
to use firewall marks to do this, then balance on the mark.

The IPVS howto has details on this (see example 2):

http://kb.linuxvirtualserver.org/wiki/Ipvsadm

Amos Shapira wrote:
> Hello,
> 
> We use LVS on CentOS 5 to load-balance servers which serve multiple
> ports (let's say 80, 443 and 9000 for this question). Some of these
> ports are served through apache (80, 443) while others are served by a
> stand-alone process (9000).
> 
> We set them up as persistent (because all connections to all ports
> coming from the same client as part of a specific transaction should
> go to the same real server.
> 
> We did this by specifying each service for each port separately:
> 
> virtual=192.168.1.126:80
>         real=192.168.98.117:80 gate
>         real=192.168.98.126:80 gate
>         scheduler=rr
>         protocol=tcp
>         persistent=120
>         checktype=negotiate
>         service=http
>         request="lvs.txt"
>         receive="OK"
> 
> virtual=192.168.1.126:443
>         real=192.168.98.117:443 gate
>         real=192.168.98.126:443 gate
>         scheduler=rr
>         protocol=tcp
>         persistent=120
>         checktype=negotiate
>         service=https
>         request="lvs.txt"
>         receive="OK"
>         virtualhost=www.company.com
> 
> virtual=192.168.1.126:9000
>         real=192.168.98.117:9000 gate
>         real=192.168.98.126:9000 gate
>         scheduler=rr
>         protocol=tcp
>         persistent=120
>         checktype=negotiate
>         service=https
>         request="lvs.txt"
>         receive="OK"
>         virtualhost=www.company.com
> 
> We now noticed that this configuration is wrong - the persistence will
> be "per port" and not "per client" as we need it to be - port 80 could
> be served by one real server while port 443 from the same client could
> be served by another.
> 
> The documentation says that we should just not specify the port, so
> the following should replace the above three:
> 
> virtual=192.168.1.126:0
>         real=192.168.98.117:0 gate
>         real=192.168.98.126:0 gate
>         scheduler=rr
>         protocol=tcp
>         persistent=120
>         checktype=negotiate
>         service=https
>         request="lvs.txt"
>         receive="OK"
>         virtualhost=www.company.com
> 
> 1. Is this correct?
> 
> 2. If this is correct - is there a way to do the tests on ALL the
> ports and fail the entire sever if ANY of the ports fail? The only way
> I can find so far is to use an external script which will test all
> ports and fail if any of them is bad - is there a better way?
> 
> Thanks,
> 
> --Amos
> _______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>

More information about the Linux-HA mailing list