4.6. VIRTUAL SERVERS
Figure 4.5. The VIRTUAL SERVERS Panel
4.6.1. The VIRTUAL SERVER Subsection
Figure 4.6. The VIRTUAL SERVERS Subsection
- Enter a descriptive name to identify the virtual server. This name is not the host name for the machine, so make it descriptive and easily identifiable. You can even reference the protocol used by the virtual server, such as HTTP.
- Application port
- Enter the port number through which the service application will listen. Since this example is for HTTP services, port 80 is used.
- Choose between UDP and TCP in the drop-down menu. Web servers typically communicate by means of the TCP protocol, so this is selected in the example above.
- Virtual IP Address
- Enter the virtual server's floating IP address in this text field.
- Set the netmask for this virtual server with the drop-down menu.
- Firewall Mark
- Do not enter a firewall mark integer value in this field unless you are bundling multi-port protocols or creating a multi-port virtual server for separate, but related protocols. In this example, the above virtual server has a Firewall Mark of 80 because we are bundling connections to HTTP on port 80 and to HTTPS on port 443 using the firewall mark value of 80. When combined with persistence, this technique will ensure users accessing both insecure and secure webpages are routed to the same real server, preserving state.
WarningEntering a firewall mark in this field allows IPVS to recognize that packets bearing this firewall mark are treated the same, but you must perform further configuration outside of the Piranha Configuration Tool to actually assign the firewall marks. See Section 3.4, “Multi-port Services and Load Balancer Add-On” for instructions on creating multi-port services and Section 3.5, “Configuring FTP” for creating a highly available FTP virtual server.
- Enter the name of the network device to which you want the floating IP address defined the Virtual IP Address field to bind.You should alias the public floating IP address to the Ethernet interface connected to the public network. In this example, the public network is on the
eth0:1should be entered as the device name.
- Re-entry Time
- Enter an integer value which defines the length of time, in seconds, before the active LVS router attempts to bring a real server back into the pool after a failure.
- Service Timeout
- Enter an integer value which defines the length of time, in seconds, before a real server is considered dead and removed from the pool.
- Quiesce server
- When the Quiesce server radio button is selected, a real server weight will be set to 0 when it is unavailable. This effectively disables the real server. If the real server later becomes available, the real servers will be re-enabled by restoring its original weight. If Quiesce server is disabled, the failed real server will be removed from the server table. If and when the unavailable real server becomes available, it will be added back to the virtual server table.
- Load monitoring tool
- The LVS router can monitor the load on the various real servers by using either
ruptime. If you select
rupfrom the drop-down menu, each real server must run the
rstatdservice. If you select
ruptime, each real server must run the
WarningLoad monitoring is not the same as load balancing and can result in hard to predict scheduling behavior when combined with weighted scheduling algorithms. Also, if you use load monitoring, the real servers must be Linux machines.
- Select your preferred scheduling algorithm from the drop-down menu. The default is
Weighted least-connection. For more information on scheduling algorithms, see Section 1.3.1, “Scheduling Algorithms”.
- If an administrator needs persistent connections to the virtual server during client transactions, enter the number of seconds of inactivity allowed to lapse before a connection times out in this text field.
ImportantIf you entered a value in the Firewall Mark field above, you should enter a value for persistence as well. Also, be sure that if you use firewall marks and persistence together, that the amount of persistence is the same for each virtual server with the firewall mark. For more on persistence and firewall marks, see Section 1.5, “Persistence and Firewall Marks”.
- To limit persistence to particular subnet, select the appropriate network mask from the drop-down menu.
NoteBefore the advent of firewall marks, persistence limited by subnet was a crude way of bundling connections. Now, it is best to use persistence in relation to firewall marks to achieve the same result.