Mailing List Archive

Re: Réf. : Re: Réf. : Re: keepalived (was Re: News contrib to LVS)
Alexandre CASSEN wrote:
>
> Re,
>
> Arrowpoint proposes nice functionalities. To sum up quickly, it uses
> specialized ASICs to perform NAT translation. I am using CS50.

Are there any RISC processors involved? The Alteon load balancer ACE
director2 f.e. has 2 extra RISCs to process the NAT code and some other
unusable stuff.

> It is great for Firewall loadbalancing. You can create a topology with
> 2 firewalls, each firewall has one NIC connected on each Arrowpoint.
> Then you define commutation circuits to ensure a persistent connection
> for a specified flow.

Does this mean that if one link fails the other one automagically takes
precedence over the failed link and the connections are not lost?

> For simple web loadbalancing, or other tcp services, they had
> implemented in an old framework a "sticky-group" notion. They have
> removed this from their framework because it was too buggy. This
> functionality can be a good addon to LVS :) => It means that:

It's already there IMHO, maybe a little bit with a tricky setup.

> - You define your services (HTTP, SSL, FTP, ...)
> - You define a sticky-group for HTTP & SSL
>
> => So when a user connection starts on one server for HTTP, this
> "sticky-group" notion gives a persistent transition: when the user
> switches from the web app to secure SSL mode, he is stuck to the same
> server. It could be really nice if you are using server sessions var !
> (like websphere for example).

Two possibilities to solve this ``problem'' with LVS:
1. Use port 0 in your setup. (adv.: easy to set up and easy to understand)
2. Use fwmark and group them together. (adv.: finer port granularity possible)

Example (1):
------------
ipvsadm -A -t 192.168.1.100:0 -s wlc -p 333 -M 255.255.255.255
ipvsadm -a -t 192.168.1.100:0 -r 192.168.1.1 -g -w 1
ipvsadm -a -t 192.168.1.100:0 -r 192.168.1.2 -g -w 1

Example (2):
------------
ipchains -A input -j ACCEPT -p tcp -d 192.168.1.100/32 80 -m 1 -l
ipchains -A input -j ACCEPT -p tcp -d 192.168.1.100/32 443 -m 1 -l
ipvsadm -A -f 1 -s wlc -p 333 -M 255.255.255.255
ipvsadm -a -f 1 -r 192.168.1.1 -g -w 1
ipvsadm -a -f 1 -r 192.168.1.2 -g -w 1

have phun,
Roberto Nibali, ratz
--
mailto: `echo NrOatSz@tPacA.cMh | sed 's/[NOSPAM]//g'`
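
Added example, not part of the original post and not LVS code: a simplified Python model of how the persistence template is keyed in the two setups above, compared with separate per-port services. It shows that both setups keep HTTP and SSL on one real server, and that the port 0 service also forwards every other TCP port sent to the VIP. The client addresses, the round-robin stand-in for wlc and the omitted 333 s timeout are assumptions.

```python
"""Simplified model of LVS persistence (-p); illustration only, not IPVS code."""
import ipaddress

VIP = "192.168.1.100"                          # from the examples in the post
REAL_SERVERS = ["192.168.1.1", "192.168.1.2"]  # from the examples in the post

class Director:
    def __init__(self, match):
        # match(dport) returns the virtual service a packet hits, or None
        # when no virtual service matches and the packet is not balanced.
        self.match = match
        self.templates = {}   # (masked client, service) -> real server
        self.next_rs = 0      # round robin stands in for wlc (assumption)

    def route(self, client, dport, mask="255.255.255.255"):
        service = self.match(dport)
        if service is None:
            return None
        net = ipaddress.ip_network(f"{client}/{mask}", strict=False)
        key = (str(net.network_address), service)   # -M masks the client IP
        if key not in self.templates:                # first hit: schedule
            self.templates[key] = REAL_SERVERS[self.next_rs % len(REAL_SERVERS)]
            self.next_rs += 1
        return self.templates[key]                   # later hits: same server

def per_port(dport):     # separate -t VIP:80 and -t VIP:443 services
    return ("tcp", VIP, dport) if dport in (80, 443) else None

def port_zero(dport):    # Example (1): -t VIP:0 matches every TCP port
    return ("tcp", VIP, 0)

def fwmark_one(dport):   # Example (2): only ports 80 and 443 carry mark 1
    return ("fwmark", 1) if dport in (80, 443) else None

def compare(client="10.0.0.7"):
    """Real server chosen for ports 80, 443 and 22 under each setup."""
    result = {}
    setups = (("per-port", per_port), ("port 0", port_zero), ("fwmark 1", fwmark_one))
    for name, match in setups:
        d = Director(match)
        d.route("10.0.0.99", 80)   # constructed second client takes the first slot
        result[name] = tuple(d.route(client, p) for p in (80, 443, 22))
    return result

if __name__ == "__main__":
    for name, servers in compare().items():
        print(f"{name:9} http={servers[0]} https={servers[1]} ssh={servers[2]}")
```

With port 0, restrict the ports reaching the VIP with packet filtering on the director if the real servers run services that should not be published; the fwmark setup already limits forwarding to the marked ports.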