Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Linux Virtual Server>
  3. Users
[lvs-users] lvs works behind a hareware firewall through public network
sunnansong at diditaxi
Oct 24, 2013, 3:58 AM
Post #1 of 2 (732 views)
Permalink
Hi there !



I have an emergency problem now , and I join this mail list expect
some help , thanks all of you !



The case scene:

user ----> public IP( supplied by a hardware firewall) ----->
public IP(supplied by LVS : NAT,rr) ----> 5 Real Servers(nginx¡¢php-fpm)
----> Mysql

maybe you can see the hidden trouble , lvs only can see only one
client(one prublic IP , the hardware firewall)



The trouble is:

Sometimes , the request is very unbalanced !

lvs puts a lots of requests to 1 real server. And this poor¡¢unlucky real
server have to handle 3 times more then others!

I count this from the nginx access.log

most of the times , lvs balances well!

I try to use LeastConn instead of RoundRobin, but doest effect.



(some one said the frewall and LVS should work in a LAN, why must I
use this architecture? Because some more cold backup firewalls are in
different IDC. to prevent DDOS and redundancy )



Any ideas ? Thanks very mych !

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] lvs works behind a hareware firewall through public network [ In reply to ]
vincent.mc.li at gmail
Nov 4, 2013, 3:49 PM
Post #2 of 2 (696 views)
Permalink
do you have any sort of persistence configuration in LVS? it is
unlikely caused by LVS if you have no persistence in LVS. what does
ipvsadm -L -n look like ? how do you count the access log? counting
for HTTP request on same tcp connection (http cookie maybe involved
and not really imbalance of LVS) or different tcp connection to
server? do you have tcpdump shows imbalanced connection to server?

Vincent



On Thu, Oct 24, 2013 at 3:58 AM, 孙楠松 <sunnansong@diditaxi.com.cn> wrote:
> Hi there !
>
>
>
> I have an emergency problem now , and I join this mail list expect
> some help , thanks all of you !
>
>
>
> The case scene:
>
> user ----> public IP( supplied by a hardware firewall) ----->
> public IP(supplied by LVS : NAT,rr) ----> 5 Real Servers(nginx、php-fpm)
> ----> Mysql
>
> maybe you can see the hidden trouble , lvs only can see only one
> client(one prublic IP , the hardware firewall)
>
>
>
> The trouble is:
>
> Sometimes , the request is very unbalanced !
>
> lvs puts a lots of requests to 1 real server. And this poor、unlucky real
> server have to handle 3 times more then others!
>
> I count this from the nginx access.log
>
> most of the times , lvs balances well!
>
> I try to use LeastConn instead of RoundRobin, but doest effect.
>
>
>
> (some one said the frewall and LVS should work in a LAN, why must I
> use this architecture? Because some more cold backup firewalls are in
> different IDC. to prevent DDOS and redundancy )
>
>
>
> Any ideas ? Thanks very mych !
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal