1 / 10

Scaling Service Requests

Scaling Service Requests. Linux: ipvsadm & iptoip. Initially. Outside Client. Gateway. Inside Server. Outside Client. 137.155.37.33. 137.155.37.34. At this stage the server is able to keep up with client requests at a satisfactory level! No masquerading… assuming valid IPs for

varian
Download Presentation

Scaling Service Requests

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Scaling Service Requests Linux: ipvsadm & iptoip

  2. Initially Outside Client Gateway Inside Server Outside Client 137.155.37.33 137.155.37.34 At this stage the server is able to keep up with client requests at a satisfactory level! No masquerading… assuming valid IPs for gateway and the inside server.

  3. Eventually Requests GROW! Outside Client Outside Client Gateway Inside Server Outside Client 137.155.37.33 137.155.37.34 At this stage the server is NOT able to keep up with client requests at a satisfactory level! No masquerading… assuming valid IPs for gateway and the inside server. Outside Client Outside Client

  4. Solutions? • Software configuration of the server to allocate multiple server processes • manage preallocation if necessary • Hardware • Buy another server • requires reconfiguration and upgrading as demand grows • Create a scalable solution that grows incrementally as the demand grows • USE ipvsadm!

  5. ipvsadm as a scalable solution • Set to look at a port / ip and map the request to a different set of ips • Allows different load balancing algorithms • Requires only that you duplicate the original server machine. • Provides hardware and software concurrency.

  6. ipvsadmIPVirtual Server ADMinistration Inside Server 137.155.37.34 Outside Clients Gateway Inside Server 137.155.37.33 137.155.37.35 For simplicity, assume a web server running on port 80 ipvsadm -A -t 137.155.37.33:80 -s rr ipvsadm -a -t 137.155.37.33:80 -r 137.155.37.34 -g ipvsadm -a -t 137.155.37.33:80 -r 137.155.37.35 -g

  7. Ipvsadm runs here! Sets up 80 to redirect, scheduling round-robin (-s rr) Add a real server routing to ..37.34 Add virtual server Add REAL server No masquerading Inside Server :80 :80 137.155.37.34 Outside Clients Gateway :80 Inside Server 137.155.37.33 137.155.37.35 tcp ipvsadm -A -t 137.155.37.33:80 -s rr ipvsadm -a -t 137.155.37.33:80 -r 137.155.37.34 -g ipvsadm -a -t 137.155.37.33:80 -r 137.155.37.35 -g

  8. What if you are masquerading? • Add the server behind the firewall. • Use basically the same approach but set up a few simple modifications • First, don’t use -g which indicates standard gateway forwarding, instead use -m • Second, be sure to add commands to allow for forwarding masqueraded packet to ipchains/iptables/etc. for packets behind the firewall going out.

  9. Ipvsadm runs here! masquerading Inside Server :80 :80 192.168.10.10 Outside Clients Gateway :80 Inside Server 137.155.37.33 192.168.10.11 Add a real server routing to ..10.10 First ipvsadm -A -t 137.155.37.33:80 -s rr ipvsadm -a -t 137.155.37.33:80 -r 192.168.10.10-m ipvsadm -a -t 137.155.37.33:80 -r 192.168.10.11-m Second (ipchains) ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0 (this may not be necessary if entire network is already masqueraded)

  10. Other points • Setting up ftp requires some special configuration (see man pages) • iptoip can do some of this for you but it only does TCP not UDP • use -u to map UDP services • files for linux configuration in /etc/sysconfig but file names may vary.

More Related