4.6. VIRTUAL SERVERS
Figure 4.5. The VIRTUAL SERVERS Panel
4.6.1. The VIRTUAL SERVER Subsection
Figure 4.6. The VIRTUAL SERVERS Subsection
- Enter a descriptive name to identify the virtual server. This name is not the host name for the machine, so make it descriptive and easily identifiable. You can even reference the protocol used by the virtual server, such as HTTP.
- Application port
- Enter the port number through which the service application will listen. Since this example is for HTTP services, port 80 is used.
- Choose between UDP and TCP in the drop-down menu. Web servers typically communicate by means of the TCP protocol, so this is selected in the example above.
- Virtual IP Address
- Enter the virtual server's floating IP address in this text field.
- Set the netmask for this virtual server with the drop-down menu.
- Firewall Mark
- Do not enter a firewall mark integer value in this field unless you are bundling multi-port protocols or creating a multi-port virtual server for separate, but related protocols. In this example, the above virtual server has a Firewall Mark of 80 because we are bundling connections to HTTP on port 80 and to HTTPS on port 443 using the firewall mark value of 80. When combined with persistence, this technique will ensure users accessing both insecure and secure webpages are routed to the same real server, preserving state.
WarningEntering a firewall mark in this field allows IPVS to recognize that packets bearing this firewall mark are treated the same, but you must perform further configuration outside of the Piranha Configuration Tool to actually assign the firewall marks. See Section 3.4, “Multi-port Services and Load Balancer Add-On” for instructions on creating multi-port services and Section 3.5, “Configuring FTP” for creating a highly available FTP virtual server.
- Enter the name of the network device to which you want the floating IP address defined the Virtual IP Address field to bind.You should alias the public floating IP address to the Ethernet interface connected to the public network. In this example, the public network is on the
eth0:1should be entered as the device name.
- Re-entry Time
- Enter an integer value which defines the length of time, in seconds, before the active LVS router attempts to bring a real server back into the pool after a failure.
- Service Timeout
- Enter an integer value which defines the length of time, in seconds, before a real server is considered dead and removed from the pool.
- Quiesce server
- When the Quiesce server radio button is selected, a real server weight will be set to 0 when it is unavailable. This effectively disables the real server. If the real server later becomes available, the real servers will be re-enabled by restoring its original weight. If Quiesce server is disabled, the failed real server will be removed from the server table. If and when the unavailable real server becomes available, it will be added back to the virtual server table.
- Load monitoring tool
- The LVS router can monitor the load on the various real servers by using either
ruptime. If you select
rupfrom the drop-down menu, each real server must run the
rstatdservice. If you select
ruptime, each real server must run the
WarningLoad monitoring is not the same as load balancing and can result in hard to predict scheduling behavior when combined with weighted scheduling algorithms. Also, if you use load monitoring, the real servers must be Linux machines.
- Select your preferred scheduling algorithm from the drop-down menu. The default is
Weighted least-connection. For more information on scheduling algorithms, see Section 1.3.1, “Scheduling Algorithms”.
- If an administrator needs persistent connections to the virtual server during client transactions, enter the number of seconds of inactivity allowed to lapse before a connection times out in this text field.
ImportantIf you entered a value in the Firewall Mark field above, you should enter a value for persistence as well. Also, be sure that if you use firewall marks and persistence together, that the amount of persistence is the same for each virtual server with the firewall mark. For more on persistence and firewall marks, see Section 1.5, “Persistence and Firewall Marks”.
- To limit persistence to particular subnet, select the appropriate network mask from the drop-down menu.
NoteBefore the advent of firewall marks, persistence limited by subnet was a crude way of bundling connections. Now, it is best to use persistence in relation to firewall marks to achieve the same result.
4.6.2. REAL SERVER Subsection
Figure 4.7. The REAL SERVER Subsection
Figure 4.8. The REAL SERVER Configuration Panel
- A descriptive name for the real server.
NoteThis name is not the host name for the machine, so make it descriptive and easily identifiable.
- The real server's IP address. Since the listening port is already specified for the associated virtual server, do not add a port number.
- An integer value indicating this host's capacity relative to that of other hosts in the pool. The value can be arbitrary, but treat it as a ratio in relation to other real servers in the pool. For more on server weight, see Section 1.3.2, “Server Weight and Scheduling”.
4.6.3. EDIT MONITORING SCRIPTS Subsection
Figure 4.9. The EDIT MONITORING SCRIPTS Subsection
- Sending Program
- For more advanced service verification, you can use this field to specify the path to a service-checking script. This functionality is especially helpful for services that require dynamically changing data, such as HTTPS or SSL.To use this functionality, you must write a script that returns a textual response, set it to be executable, and type the path to it in the Sending Program field.
NoteTo ensure that each server in the real server pool is checked, use the special token
%hafter the path to the script in the Sending Program field. This token is replaced with each real server's IP address as the script is called by the
nannydaemon.The following is a sample script to use as a guide when composing an external service-checking script:
#!/bin/sh TEST=`dig -t soa example.com @$1 | grep -c dns.example.com if [ $TEST != "1" ]; then echo "OK else echo "FAIL" fi
NoteIf an external program is entered in the Sending Program field, then the Send field is ignored.
- Enter a string for the
nannydaemon to send to each real server in this field. By default the send field is completed for HTTP. You can alter this value depending on your needs. If you leave this field blank, the
nannydaemon attempts to open the port and assume the service is running if it succeeds.Only one send sequence is allowed in this field, and it can only contain printable, ASCII characters as well as the following escape characters:
- \n for new line.
- \r for carriage return.
- \t for tab.
- \ to escape the next character which follows it.
- Enter a the textual response the server should return if it is functioning properly. If you wrote your own sending program, enter the response you told it to send if it was successful.
NoteTo determine what to send for a given service, you can open a
telnetconnection to the port on a real server and see what is returned. For instance, FTP reports 220 upon connecting, so could enter
quitin the Send field and
220in the Expect field.