From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 27 Jun 2005 - 14:27:39 BST
On Mon, Jun 27, 2005 at 12:02:27AM +0200, Hans Eschler wrote:
> Dear Grisha.
>
> First thank you for your answer.
>
> I didn't mention. We use the linux-vserver version 1.2.10 stable.
> We now have a production qmail server running with two IPs on one physical host.
>
> The config of the vserver:
>
> S_CONTEXT=101
> IPROOT="ip1 ip2"
> IPROOTMASK=255.255.255.192
> IPROOTBCAST=*.*.*.*
> IPROOTDEV=eth0
> ONBOOT=yes
> S_HOSTNAME=srv1
> S_FLAGS='lock nproc'
> ULIMIT='-HS -u 1000'
> ...
>
> IP1 and IP2 are on the same subnet e.g. 141.1.1.10/24 and 141.1.1.11/24 and
> Both IPs are bound to eth0 as eth0:0 and eth0:1 not assigned via linux-vserver direct but via ifconfig eth0:0 ... and ifconfig eth0:1 ...
> This is working now for several weeks with many services inside the vserver
> Running on both ips with no problems.
>
> Now how to describe exactly what we want to do described with a working cluster example.
>
> In one of our running cluster installations we have the following:
>
> Loadbalancing with Direct Routing:
>
> VIP: 141.1.1.50/24 -> at the Loadbalancer
>
> REAL1: eth0 141.1.1.51/24
> Lo:0 141.1.1.50/24
>
> REAL2: eth0 141.1.1.52/24
> Lo:0 141.1.1.50/24
>
> Would it be possible to use it in linux-vserver like that:
>
> Loadbalancer:
>
> VIP: 141.1.1.1/24
>
> LinuxVserver Hostsystems:
>
> Hostsystem1:
> Eth0 141.10.1.1/24
>
> Hostsystem2:
> Eth0 141.10.1.2/24
>
> Realservers: (Linux-vserver virtual Machines on Realserver1 & 2)
>
> Virtualserver1(on hostsystem1):
>
> On hostsystem1:
> Lo:0 141.1.1.1/24
> Eth0:0 141.1.1.2/24
>
> And for vserver configuration as configured for our mailserver
> Described in the vserver config above.
>
> S_CONTEXT=101
> IPROOT="141.1.1.1 141.1.1.2"
> IPROOTMASK=255.255.255.0
> IPROOTBCAST=141.1.1.255
> IPROOTDEV=eth0
> ONBOOT=yes
> S_HOSTNAME=virtualnode1
> S_FLAGS='lock nproc'
> ULIMIT='-HS -u 1000'
>
> And for node2:
>
> Virtualserver2(on hostsystem2):
>
> On hostsystem2:
> Lo:0 141.1.1.1/24
> Eth0:0 141.1.1.3/24
>
> And for vserver configuration as configured for our mailserver
> Described in the vserver config above.
>
> S_CONTEXT=101
> IPROOT="141.1.1.1 141.1.1.3"
> IPROOTMASK=255.255.255.0
> IPROOTBCAST=141.1.1.255
> IPROOTDEV=eth0
> ONBOOT=yes
> S_HOSTNAME=virtualnode2
> S_FLAGS='lock nproc'
> ULIMIT='-HS -u 1000'
>
> That should be possible?!
the lo part is not that smart, assigning 'local'
but public ips to 'dummy' is a better approach IMHO
> Another question:
>
> The soloution described of you.. should it work with
> linux-vserver 1.2.10 too???
>
> We want to work with 1.2.10 since 1.9 and 2.0 aren't stable releases yet.
the upcoming 2.0 _is_ a stable release (that's the
basic principle of the numbering scheme ;)
> We actually use 1.2.10 on kernel 2.4.30 including enbd and fr1.
> When it will be stable, we will test and move to it if it is
> stable enough for us.
but in your case, have a look at the feature matrix
to see if you need 2.0 features at all ... if not
(and you are using x86 only, then the 1.2 branch is
probably the better choice)
> Thank you for your answers.
HTH,
Herbert
> Hans Eschler
>
>
> -----Ursprüngliche Nachricht-----
> Von: vserver-bounces_at_list.linux-vserver.org [mailto:vserver-bounces_at_list.linux-vserver.org] Im Auftrag von Gregory (Grisha) Trubetskoy
> Gesendet: Sonntag, 26. Juni 2005 03:34
> An: vserver_at_list.linux-vserver.org
> Betreff: Re: [Vserver] Virtual Cluster Question
>
>
> On Sun, 26 Jun 2005, Hans Eschler wrote:
>
> > What are the possibilities of using linux-vserver virtual machines with
> > loadbalancers.
> >
> > Roundrobin, direct routing or nat?
>
> We've had succesfully set up direct server return load-balancing, where
> vservers were on different physical machines.
>
> Direct server return means that the loadbalancer uses mac to send a packet
> which is then accepted by a server's kernel because the destination IP
> exists on the loopback interface. E.g. if the VIP is 1.2.3.4, then on
> every load balanced server you configure 1.2.3.4 on the loopback. Since
> loopbacks aren't visible from outside, there is no conflict.
>
> So for vserver, we used the dummy interfaces as the VIPs. There was a
> trick we had to do to alter the default ARP behaviour:
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
>
> Without this eth0 would answer even for the IP that's on the dummy
> interface.
>
> This was done with 1.9.x vserver. I haven't looked at how 2.0 deals with
> interfaces yet, I have a suspicion it might even be easier if we have a
> private loopback interface for every vserver.
>
> Grisha
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver