Re: [squid-users] squid and high availability

From: Jeff Peng <jeffpeng_at_gmx.net>
Date: Sat, 30 Aug 2008 10:01:07 +0800

Hi Henrik,

We also use an LVS + Squid setup.
But what I want to know is, if we have only two Squids for reverse proxy,
can we set up only heartbeat for HA? (I mean without using LVS.)
Thanks again.

Henrik Nordstrom wrote:
> On Thu, 2008-08-28 at 16:16 -0800, Chris Robertson wrote:
>
>> Consider me interested. I've had a bit of experience with heartbeat and
>> Zen (that was a fun learning project) and am looking to turn my visible
>> pool of servers into a single front end. What causes you to qualify
>> your statement about how well it works?
>
>
> For Squid you don't want heartbeat to stop/start Squid, let Squid run
> all the time on each node.
>
> What you want is a redundant load balancer in front of your Squids. Linux
> LVS is a fine load balancer engine, and ldirectord is a fine load
> balancer manager & monitor on top of LVS (monitors the load balanced
> servers, making sure traffic only gets forwarded to healthy ones.)
>
> heartbeat is a fine failover solution, and a ldirectord based load
> balancer is very easy to set up managed by heartbeat (ldirectord is part
> of the heartbeat package btw..)
>
> You can also run Squid on the load balancer nodes if you like, even
> if some prefer having the load balancer separate. But if you need
> iptables conntrack/nat on the proxies then it's best not to mix the two
> on the same box... (LVS and iptables conntrack do not mix that well..
> possible but you'll need quite a bunch of special NOTRACK exception
> rules in iptables raw table)
>
> For efficiency and scalability reasons you want to run LVS in direct
> routing mode, which means that each node (all of them, load balancer and
> proxies) will have the service address configured, and this is routed
> via a heartbeat managed IP.
>
>
> clients -> Router -> Internet
>               |
>               v
>      heartbeat managed IP
>  Service IP with ldirectord/LVS balancer
>          /  /  ||  \\
>  Proxy nodes each with the service IP
>
> All connected on a shared switch with direct connection to the router.
>
> To reduce confusion about the location of the service IP it may be
> configured as an alias on loopback. There exists no physical network
> with the service IP network..
>
> The setup gets a bit simpler if you use NAT forwarding. But the traffic
> overhead on the load balancer is then more noticeable as it has to
> process all browser traffic, not just the request packets.. and in
> addition LVS NAT and transparent interception is a bad mix in case you
> need transparent interception of port 80...
>
> Regards
> Henrik
Received on Sat Aug 30 2008 - 02:01:13 MDT
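
The direct-routing layout Henrik describes, sketched as an added example that is not part of the original thread or of any poster's configuration: shell functions that generate an ldirectord.cf, a heartbeat v1 haresources line and the per-proxy loopback setup. All addresses, the node name `lb1` and the interface `eth0` are constructed placeholders, and the ARP sysctls are the usual LVS-DR companion setting, assumed here rather than stated in the thread.

```shell
#!/bin/sh
# Added example with constructed values; nothing here is applied, only printed.

# Emit an ldirectord.cf for one virtual service over several Squid real servers.
# usage: gen_ldirectord_cf VIP PORT REAL_IP...
gen_ldirectord_cf() {
    vip=$1; port=$2; shift 2
    [ $# -ge 1 ] || { echo "need at least one real server" >&2; return 1; }
    printf 'checktimeout=5\ncheckinterval=10\nquiescent=no\n\n'
    printf 'virtual=%s:%s\n' "$vip" "$port"
    for r in "$@"; do
        # "gate" selects LVS direct routing: only request packets cross the balancer
        printf '\treal=%s:%s gate\n' "$r" "$port"
    done
    # "connect" health check: a proxy that stops accepting TCP is taken out
    printf '\tscheduler=wlc\n\tprotocol=tcp\n\tchecktype=connect\n'
}

# Emit the haresources line that makes heartbeat own the service IP and
# start ldirectord on whichever balancer node is active.
# usage: gen_haresources NODE VIP PREFIXLEN IFACE
gen_haresources() {
    printf '%s IPaddr2::%s/%s/%s ldirectord::ldirectord.cf\n' "$1" "$2" "$3" "$4"
}

# Print the commands a proxy node needs: the service IP as a /32 alias on
# loopback, and ARP settings so only the heartbeat-managed node answers for it.
# usage: gen_realserver_cmds VIP
gen_realserver_cmds() {
    cat <<EOF
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
ip addr add $1/32 dev lo label lo:0
EOF
}

# Demo with documentation-range addresses (constructed).
gen_ldirectord_cf 192.0.2.10 80 192.0.2.11 192.0.2.12
gen_haresources lb1 192.0.2.10 24 eth0
gen_realserver_cmds 192.0.2.10
```

Squid keeps running on every proxy node; only the service IP and ldirectord move between balancer nodes on failover.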