* Poor mans cluster question
@ 2005-10-04 6:19 Gary W. Smith
2005-10-04 8:24 ` Taylor, Grant
[not found] ` <57F9959B46E0FA4D8BA88AEDFBE582900B581D@pxtbenexd01.pxt.primeexalia.co m>
0 siblings, 2 replies; 3+ messages in thread
From: Gary W. Smith @ 2005-10-04 6:19 UTC (permalink / raw)
To: netfilter
Hello,
I need to setup a very simple cluster for testing a couple different
devices and applications. I'm not looking for perfection.
What I have are 3 web servers in our test environment. We are testing
both Windows and a Linux web server at the same time. We basically want
to round robin traffic via IP to any one of the 3 servers. My
understanding is that the following should make this happen:
-A PREROUTING -d 10.0.16.89 -j DNAT --to 10.0.16.90-10.0.16.92
But it doesn't. I figure the next step would be to implement the
CLUSTERIP but I'm not sure how to do this. I'd really like to do this
at the firewall level as the production environment uses local director
for load balancing.
Is there a better approach without having to modify the OS? I'm not
looking for failover but rather round robin. DNS hasn't been doing the
round robin the way we wanted on the local LAN (as a single workstation
will get stuck with a single IP for that session).
Gary Wayne Smith
* Re: Poor mans cluster question
2005-10-04 6:19 Poor mans cluster question Gary W. Smith
@ 2005-10-04 8:24 ` Taylor, Grant
[not found] ` <57F9959B46E0FA4D8BA88AEDFBE582900B581D@pxtbenexd01.pxt.primeexalia.co m>
1 sibling, 0 replies; 3+ messages in thread
From: Taylor, Grant @ 2005-10-04 8:24 UTC (permalink / raw)
To: Gary W. Smith; +Cc: netfilter
Gary W. Smith wrote:
> Hello,
>
> I need to setup a very simple cluster for testing a couple different
> devices and applications. I'm not looking for perfection.
>
> What I have are 3 web servers in our test environment. We are testing
> both Windows and a Linux web server at the same time. We basically want
> to round robin traffic via IP to any one of the 3 servers. My
> understanding is that the following should make this happen:
>
> -A PREROUTING -d 10.0.16.89 -j DNAT --to 10.0.16.90-10.0.16.92
I'm not quite sure how the DNATing will be handled between the 3 IPs as I have never done anything like this. But I'm willing to bet that your router is caching the host that it sent the traffic to and will send the traffic to the same host all the time (or at least until the cache is idle and times out).
There is one thing that I'm fairly sure of though. If you sniff the traffic coming in to your servers you will see the traffic as from the client IP to the server IP and thus the server will reply back directly to the client thus confusing the client TCP/IP stack to dropping the return traffic. To handle this you will need to SNAT the traffic that is going to the servers such that it appears to be coming from your firewall and thus will go back to the firewall where it will be unNATed and thus go back to the correct client.
> But it doesn't. I figure the next step would be to implement the
> CLUSTERIP but I'm not sure how to do this. I'd really like to do this
> at the firewall level as the production environment uses local director
> for load balancing.
>
> Is there a better approach without having to modify the OS? I'm not
> looking for failover but rather round robin. DNS hasn't been doing the
> round robin the way we wanted on the local LAN (as a single workstation
> will get stuck with a single IP for that session).
I don't think that DNS will have anything to do with this, or not much of one anyway. From what you originally posted you are using IPTables to do your RR DNAT which will never resolve names to IPs after the rule insertion point. Now if you have your 3 IPs aliased on your firewall's interface and you are RR DNS resolving the IPs you will probably need to set the cache time to live to something crazy low, say 1 minute or less? This will force your clients to re-resolve the IP to connect to, presuming that their client DNS resolver libraries act the way that they should.
Is there a reason you are not looking at the Linux Virtual Server Project? I think you would be able to fairly easily implement the LVS director on your system without doing too much OS reconversion?
Grant. . . .
* Re: Poor mans cluster question
[not found] ` <57F9959B46E0FA4D8BA88AEDFBE582900B581D@pxtbenexd01.pxt.primeexalia.co m>
@ 2005-10-04 9:48 ` Rob Sterenborg
0 siblings, 0 replies; 3+ messages in thread
From: Rob Sterenborg @ 2005-10-04 9:48 UTC (permalink / raw)
To: netfilter
On Tue, October 4, 2005 08:19, Gary W. Smith wrote:
> Hello,
>
> I need to setup a very simple cluster for testing a couple different
> devices and applications. I'm not looking for perfection.
>
> What I have are 3 web servers in our test environment. We are testing
> both Windows and a Linux web server at the same time. We basically want
> to round robin traffic via IP to any one of the 3 servers. My
> understanding is that the following should make this happen:
>
> -A PREROUTING -d 10.0.16.89 -j DNAT --to 10.0.16.90-10.0.16.92
Perhaps the nth patch from POM will work for you :
http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-nth
See these threads :
https://lists.netfilter.org/pipermail/netfilter/2003-October/047215.html
http://linuxgazette.net/108/odonovan.html
Gr,
Rob
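
Added example, not part of any message in this thread: a shell function that emits an iptables-restore ruleset combining the per-connection rotation Rob points to with the SNAT return path Grant describes. It assumes the in-kernel statistic match (the successor to the patch-o-matic nth match), TCP port 80, and a firewall address 10.0.16.1 that is constructed for illustration.

```shell
#!/bin/sh
# Added example: generate a nat ruleset that rotates new connections for one
# virtual IP across N backends and forces replies back through the firewall.
# Assumptions (not from the thread): statistic and conntrack matches are
# available, the service is TCP port 80, FW_IP is owned by the firewall.

gen_rr_nat() {
    [ "$#" -ge 3 ] || { echo "usage: gen_rr_nat VIP FW_IP BACKEND..." >&2; return 1; }
    vip=$1; fw_ip=$2; shift 2
    remaining=$#
    echo "*nat"
    for backend in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # The nat table sees only the first packet of a connection, and
            # each rule counts only what the rules above it let through, so
            # the divisor shrinks per rule: 3, then 2, then no match at all.
            match="-m statistic --mode nth --every $remaining --packet 0 "
        else
            match=""    # last backend takes every connection still unclaimed
        fi
        echo "-A PREROUTING -d $vip -p tcp --dport 80 ${match}-j DNAT --to-destination $backend"
        remaining=$((remaining - 1))
    done
    for backend in "$@"; do
        # Rewrite the source only for connections that were originally sent
        # to the VIP, so the backend answers the firewall and conntrack can
        # undo both translations before the reply reaches the client.
        echo "-A POSTROUTING -d $backend -p tcp --dport 80 -m conntrack --ctorigdst $vip -j SNAT --to-source $fw_ip"
    done
    echo "COMMIT"
}

# VIP and backends are the addresses from the thread; 10.0.16.1 is constructed.
gen_rr_nat 10.0.16.89 10.0.16.1 10.0.16.90 10.0.16.91 10.0.16.92
```

The output can be reviewed and then loaded with iptables-restore. With SNAT in place the backends log the firewall address rather than the client address.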