DOCSLIB.ORG

Loadbalancer.Org Appliance Setup V5.9

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Loadbalancer.Org Appliance Setup V5.9 Loadbalancer.org Appliance Setup v5.9 This document covers the basic steps required to setup the Loadbalancer.org appliances. Please pay careful attention to the section on the ARP problem for your real server OS. Copyright © Loadbalancer.org Limited 2002-2007 Table of Contents Loadbalancer.org Appliance Setup v5.8..............................................................................................1 Planing.............................................................................................................................................3 Example Layer 4 configuration.......................................................................................................4 Refining the planing....................................................................................................................5 Finalizing the network diagram.......................................................................................................6 Example Network Diagram: Direct Routing Mode.........................................................................7 Example Network Diagram: Network Address Translation Mode.................................................8 A bit more detail on the NAT style set up.......................................................................................9 A Firewall is simple in theory but can be complex in practice:....................................................11 Explaining the RIP & VIP.............................................................................................................12 Configuring your Loadbalancer.org appliance..............................................................................13 Physical network configuration................................................................................................13 Modify Logical Virtual Server Configuration..........................................................................15 Modify Logical Real Server Configuration..............................................................................16 Solving the ARP problem (Direct Routing method only).............................................................17 The procedure for Windows 2000/2003 web servers is as follows :.......................................18 The procedure for Linux ..........................................................................................................21 Transparent Proxy (Horms method)....................................................................................21 Or change the arp behavior with arp_ignore/arp_anounce.................................................22 The procedure for Solaris..........................................................................................................23 The procedure for Mac OS X & BSD.......................................................................................23 Testing...........................................................................................................................................24 Example Layer 7 configuration.....................................................................................................25 Example Network Diagram: Layer 7 Proxy mode........................................................................25 Configuring your Loadbalancer.org appliance..............................................................................26 Modify logical Virtual Servers (Layer 7 HAProxy).................................................................27 Modify Logical Real Server Configuration (Layer 7 HAProxy)..............................................28 Modify logical Virtual Servers (SSL Termination Pound).......................................................29 Manage this SSL certificate......................................................................................................30 How do I import certificates exported from Windows Server?.....................................................31 Windows........................................................................................................................................31 UNIX.............................................................................................................................................31 Planing Setting up a load balancer from Loadbalancer.org is easy, but a little planing never hurt anyone. Deciding on your objectives is always the first step, are you looking for increased performance, reliability, ease of maintenance or all three? A load balancer can increase performance Performance by allowing you to utilize several cheap servers to do the work of one web site. Running a web site on one server gives you a single point of failure, utilizing a load Reliability balancer moves the point of failure to the load balancer. At Loadbalancer.org we advise that you only deploy load balancers as clustered pairs for this very reason. Using the load balancer you can easily Maintenance bring servers on and off line to perform maintenance on individual web servers. Loadbalancer.org appliances are primarily for fast layer 4 load balancing of local server clusters. Like many other commercial products the Linux Virtual Server (LVS) is the open source core of the routing engine. The appliances also support SSL termination (Pound) and Layer 7 (HA-Proxy) load balancing for environments in the unfortunate position of requiring cookie persistence or URL switching. From the configuration perspective the 3 methods are completely separate this is a functional design decision based on the fact that LVS is a router and Pound/Ha-Proxy are application proxies. Layer 4 Direct Routing Ultra-fast local server based load balancing. (recommended) Requires handling the ARP issue on the real servers. Layer 4 NAT(masq) Fast layer 4 load balancing, the appliance becomes the default gateway for the real servers. Layer 4 TUN Similar to DR but works across IP encapsulated tunnels. Layer 7 - SSL Pound Usually required in order to process cookie persistence on the load balancer. Processor intensive. Layer 7 HA-Proxy Layer 7 allows great flexibility including full SNAT and WAN load balancing + Cookie insertion and URL switching. Much slower than Layer 4. Example Layer 4 configuration For this example we will assume that we would like to balance the load over three Windows 2000 web servers, all three web servers are running the same web site which uses both HTTP & HTTPS. All of the web servers will talk to a shared Oracle database to handle persistence. The session table is held on the database so it doesn't matter which web server answers the client request. HTTPS is often said to require a persistent connection to the client, it doesn't, but it does help performance not to have to re-negotiate the key for every connection. When a client requests HTTPS we will configure the load balancer to keep the connection persistent (Always use the same server) for 5mins. www.example.com currently points at a single web server with its own valid fixed IP address, the firewall then NATs this valid IP address to the web servers RIP address 192.168.1.10. In order to provide a smooth transition, the plan is to set up the clustered load balancer on the same subnet as two new servers. Test it carefully to make sure it detects when the servers are up or down and balances the load evenly. Then when confident everything is OK change the firewall so that it NATs the external IP of www.example.com to the external floating VIP of the load balancer. After an extended live testing period, the original web server can be added to the cluster. This method ensures that if at any stage you run into trouble you can quickly change the firewall back to the original configuration. Refining the planing Now step back and review the plan. Load balancers only work effectively if the web servers are completely stateless, do your web servers store persistent information on local drives? Images (jpeg,png,gif etc.) Files (html,php,asp etc.) Session data (Standard ASP and PHP session data is stored locally by default!) 1) Your session data MUST be stored on a shared database Postgres, Oracle, MSSQL etc. 2) Your content either needs to be on shared storage, or replicated between each web server. On UNIX you can use the RSYNC command to replicate files, on Win2K you need ROBOCOPY from the NT resource kit. Usually you will FTP your content to one master server and then replicate it from there to the others. Now is also a great time to document the disaster recovery process for your web site, after all you do need to build two new web servers. What do you do if your application is not stateless? Re-write it! Seriously that's the best option, but if not don't worry just use persistence, you'll loose your fail over but you'll still get increased capacity. This problem occurs with all load balancers what ever the technology used to get around it. Persistence Methods The basic layer 4 persistence method is source IP persistence, you can handle millions of persistent connections at layer 4. NB. If you need to group HTTP & HTTPS as a persistent group you will need to use Firewall Marks (see the administration manual). What about the AOL mega proxy problem? You can change the persistence subnet mask to a lower granularity (which may help) or switch to layer 7 cookie based methods. NB. Obviously this won't work for any clients that don't accept cookies. Did we mention that you can't have fail over if you don't have persistence built into your application! Finalizing the network
Load more

Recommended publications
  • Tree-Like Distributed Computation Environment with Shapp Library
    information Article Tree-Like Distributed Computation Environment with Shapp Library Tomasz Gałecki and Wiktor Bohdan Daszczuk * Institute of Computer Science, Warsaw University of Technology, 00-665 Warsaw, Poland; [email protected] * Correspondence: [email protected]; Tel.: +48-22-234-78-12 Received: 30 January 2020; Accepted: 1 March 2020; Published: 3 March 2020 Abstract: Despite the rapidly growing computing power of computers, it is often insufficient to perform mass calculations in a short time, for example, simulation of systems for various sets of parameters, the searching of huge state spaces, optimization using ant or genetic algorithms, machine learning, etc. One can solve the problem of a lack of computing power through workload management systems used in local networks in order to use the free computing power of servers and workstations. This article proposes raising such a system to a higher level of abstraction: The use in the .NET environment of a new Shapp library that allows remote task execution using fork-like operations from Portable Operating System Interface for UNIX (POSIX) systems. The library distributes the task code, sending static data on which task force is working, and individualizing tasks. In addition, a convenient way of communicating distributed tasks running hierarchically in the Shapp library was proposed to better manage the execution of these tasks. Many different task group architectures are possible; we focus on tree-like calculations that are suitable for many problems where the range of possible parallelism increases as the calculations progress. Keywords: workload management; remote fork; distributed computations; task group communication 1.
    [Show full text]
  • Load Balancing for Heterogeneous Web Servers
    Load Balancing for Heterogeneous Web Servers Adam Pi´orkowski1, Aleksander Kempny2, Adrian Hajduk1, and Jacek Strzelczyk1 1 Department of Geoinfomatics and Applied Computer Science, AGH University of Science and Technology, Cracow, Poland {adam.piorkowski,jacek.strzelczyk}@agh.edu.pl http://www.agh.edu.pl 2 Adult Congenital and Valvular Heart Disease Center University of Muenster, Muenster, Germany [email protected] http://www.ukmuenster.de Abstract. A load balancing issue for heterogeneous web servers is de- scribed in this article. The review of algorithms and solutions is shown. The selected Internet service for on-line echocardiography training is presented. The independence of simultaneous requests for this server is proved. Results of experimental tests are presented3. Key words: load balancing, scalability, web server, minimum response time, throughput, on-line simulator 1 Introduction Modern web servers can handle millions of queries, although the performance of a single node is limited. Performance can be continuously increased, if the services are designed so that they can be scaled. The concept of scalability is closely related to load balancing. This technique has been used since the beginning of the first distributed systems, including rich client architecture. Most of the complex web systems use load balancing to improve performance, availability and security [1{4]. 2 Load Balancing in Cluster of web servers Clustering of web servers is a method of constructing scalable Internet services. The basic idea behind the construction of such a service is to set the relay server 3 This is the accepted version of: Piorkowski, A., Kempny, A., Hajduk, A., Strzelczyk, J.: Load Balancing for Heterogeneous Web Servers.
    [Show full text]
  • Zope Documentation Release 5.3
    Zope Documentation Release 5.3 The Zope developer community Jul 31, 2021 Contents 1 What’s new in Zope 3 1.1 What’s new in Zope 5..........................................4 1.2 What’s new in Zope 4..........................................4 2 Installing Zope 11 2.1 Prerequisites............................................... 11 2.2 Installing Zope with zc.buildout .................................. 12 2.3 Installing Zope with pip ........................................ 13 2.4 Building the documentation with Sphinx ............................... 14 3 Configuring and Running Zope 15 3.1 Creating a Zope instance......................................... 16 3.2 Filesystem Permissions......................................... 17 3.3 Configuring Zope............................................. 17 3.4 Running Zope.............................................. 18 3.5 Running Zope (plone.recipe.zope2instance install)........................... 20 3.6 Logging In To Zope........................................... 21 3.7 Special access user accounts....................................... 22 3.8 Troubleshooting............................................. 22 3.9 Using alternative WSGI server software................................. 22 3.10 Debugging Zope applications under WSGI............................... 26 3.11 Zope configuration reference....................................... 27 4 Migrating between Zope versions 37 4.1 From Zope 2 to Zope 4 or 5....................................... 37 4.2 Migration from Zope 4 to Zope 5.0..................................
    [Show full text]
  • Administration Guide Administration Guide SUSE Linux Enterprise High Availability Extension 15 SP1 by Tanja Roth and Thomas Schraitle
    SUSE Linux Enterprise High Availability Extension 15 SP1 Administration Guide Administration Guide SUSE Linux Enterprise High Availability Extension 15 SP1 by Tanja Roth and Thomas Schraitle This guide is intended for administrators who need to set up, congure, and maintain clusters with SUSE® Linux Enterprise High Availability Extension. For quick and ecient conguration and administration, the product includes both a graphical user interface and a command line interface (CLI). For performing key tasks, both approaches are covered in this guide. Thus, you can choose the appropriate tool that matches your needs. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006–2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see http://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE
    [Show full text]
  • Introduction to Linux Virtual Server and High Availability
    Outlines Introduction to Linux Virtual Server and High Availability Chen Kaiwang [email protected] December 5, 2011 Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines If you don't know the theory, you don't have a way to be rigorous. Robert J. Shiller http://www.econ.yale.edu/~shiller/ Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Misery stories I Jul 2011 Too many connections at zongheng.com I Aug 2011 Realserver maintenance at 173.com quiescent persistent connections I Nov 2011 Health check at 173.com I Nov 2011 Virtual service configuration at 173.com persistent session data Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Outline of Part I Introduction to Linux Virtual Server Configuration Overview Netfilter Architecture Job Scheduling Scheduling Basics Scheduling Algorithms Connection Affinity Persistence Template Persistence Granularity Quirks Chen Kaiwang [email protected] LVS-DR and Keepalived Outlines Outline of Part II HA Basics LVS High Avaliablity Realserver Failover Director Failover Solutions Heartbeat Keepalived Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Connection Affinity Quirks Part I Introduction to Linux Virtual Server Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Configuration Overview Connection Affinity Netfilter Architecture Quirks Introduction to Linux Virtual Server Configuration Overview Netfilter Architecture Job Scheduling Scheduling Basics Scheduling Algorithms Connection Affinity Persistence Template Persistence Granularity Quirks Chen Kaiwang [email protected] LVS-DR and Keepalived LVS Intro Job Scheduling Configuration Overview Connection Affinity Netfilter Architecture Quirks A Linux Virtual Serverr (LVS) is a group of servers that appear to the client as one large, fast, reliable (highly available) server.
    [Show full text]
  • Keepalived User Guide Release 1.4.3
    Keepalived User Guide Release 1.4.3 Alexandre Cassen and Contributors March 06, 2021 Contents 1 Introduction 1 2 Software Design 3 3 Load Balancing Techniques 11 4 Installing Keepalived 13 5 Keepalived configuration synopsis 17 6 Keepalived programs synopsis 23 7 IPVS Scheduling Algorithms 27 8 IPVS Protocol Support 31 9 Configuring SNMP Support 33 10 Case Study: Healthcheck 37 11 Case Study: Failover using VRRP 43 12 Case Study: Mixing Healthcheck & Failover 47 13 Terminology 51 14 License 53 15 About These Documents 55 16 TODO List 57 Index 59 i ii CHAPTER 1 Introduction Load balancing is a method of distributing IP traffic across a cluster of real servers, providing one or more highly available virtual services. When designing load-balanced topologies, it is important to account for the availability of the load balancer itself as well as the real servers behind it. Keepalived provides frameworks for both load balancing and high availability. The load balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides Layer 4 load balancing. Keepalived implements a set of health checkers to dynamically and adaptively maintain and manage load balanced server pools according to their health. High availability is achieved by the Virtual Redundancy Routing Protocol (VRRP). VRRP is a fundamental brick for router failover. In addition, keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Each Keepalived framework can be used independently or together to provide resilient infrastructures. In this context, load balancer may also be referred to as a director or an LVS router.
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • HP/ISV Confidential
    Advanced Cluster Software for Meteorology Betty van Houten 1 Frederic Ciesielski / Gavin Brebner / Ghislain de Jacquelot 2 Michael Riedmann 3 Henry Strauss 4 1 HPC Division Richardson 2 HPC Competency Centre Grenoble 3 EPC Boeblingen 4 HPC PreSales Munich ECMWF workshop “Use of HPC in Meteorology” -- Reading/UK, November 2nd, 2006 © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 2 Nov 2, 2006 Advanced Cluster Software for Meteorology Outline • requirements in met • HP‘s ways to address those − XC – a cluster environment for real-world applications − HP-MPI – a universal approach − some thoughts on checkpoint/restart and alternatives − future work • LM on HP – status & results • conclusions 3 Nov 2, 2006 Advanced Cluster Software for Meteorology Requirements • both capability and capacity • reliability & turn-around times • data management! • visualization? 4 Nov 2, 2006 Advanced Cluster Software for Meteorology Cluster Implementation Challenges • Manageability • Scalability • Integration of Data Mgmt & Visualization • Interconnect/Network Complexity • Version Control • Application Availability 5 Nov 2, 2006 Advanced Cluster Software for Meteorology XC Cluster: HP’s Linux-Based Production Cluster for HPC • A production computing environment for HPC built on Linux/Industry standard clusters − Industrial-hardened, scalable, supported − Integrates leading technologies from open source and partners • Simple and complete product for real world usage − Turn-key, with single
    [Show full text]
  • Protectv Installation Guide (AWS)
    ProtectV Installation Guide (AWS) Technical Manual Template 1 Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright © 2013 SafeNet, Inc. All rights reserved. Document Information Product Version 1.7 Document Part Number 007-011532-001, Rev R Release Date March 2014 Trademarks All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording, or otherwise, without the prior written permission of SafeNet, Inc. • Linux® is a registered trademark of Linus Torvalds. Linux Foundation, Linux Standard Base, LSB, LSB Certified, IAccessible2, MeeGo are registered trademarks of the Linux Foundation. Copyright © 2010 Linux Foundation. All rights reserved. • Windows is a registered trademark of Microsoft Corporation in the United States and other countries. • Amazon Web Services™ and AWS™ are registered trademarks of Amazon.com, Inc. or its affiliates in the United States and other countries. • Red Hat® Linux® is a registered trademark of Red Hat, Inc. in the United States and other countries. • Ubuntu™ is a registered trademark of Canonical Ltd. Disclaimer SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes.
    [Show full text]
  • Virtually Linux Virtualization Techniques in Linux
    Virtually Linux Virtualization Techniques in Linux Chris Wright OSDL [email protected] Abstract ware1 or software [16, 21, 19], may include any subset of a machine’s resources, and has Virtualization provides an abstraction layer a wide variety of applications. Such usages mapping a virtual resource to a real resource. include machine emulation, hardware consol- Such an abstraction allows one machine to be idation, resource isolation, quality of service carved into many virtual machines as well as resource allocation, and transparent resource allowing a cluster of machines to be viewed redirection. Applications of these usage mod- as one. Linux provides a wealth of virtual- els include virtual hosting, security, high avail- ization offerings. The technologies range in ability, high throughput, testing, and ease of the problems they solve, the models they are administration. useful in, and their respective maturity. This It is interesting to note that differing virtual- paper surveys some of the current virtualiza- ization models may have inversely correlated tion techniques available to Linux users, and proportions of virtual to physical resources. it reviews ways to leverage these technologies. For example, the method of carving up a sin- Virtualization can be used to provide things gle machine into multiple machines—useful such as quality of service resource allocation, in hardware consolidation or virtual hosting— resource isolation for security or sandboxing, looks quite different from a single system im- transparent resource redirection for availability age (SSI) [15]—useful in clustering. This pa- and throughput, and simulation environments per primarily focuses on providing multiple for testing and debugging. virtual instances of a single physical resource, however, it does cover some examples of a sin- 1 Introduction gle virtual resource mapping to multiple phys- ical resources.
    [Show full text]
  • Linux Install and Configure Pound Reverse Proxy for Apache Http / Https Web Server 21/03/2011 15:17
    Linux install and configure pound reverse proxy for Apache http / https web server 21/03/2011 15:17 About Blog Forum Low graphics Shell Scripts RSS/Feed Flash Linux FAQ / Howtos Linux install and configure pound reverse proxy for Apache http / https web server by Vivek Gite on December 11, 2007 · 21 comments Q. How do I install and configure pound reverse proxy for Apache web sever under Debian Linux? A. Pound is a reverse-proxy load balancing server. It accepts requests from HTTP / HTTPS clients and distributes them to one or more Web servers. The HTTPS requests are decrypted and passed to the back- ends as plain HTTP. It will act as: a) Server load balancer b) Reverse proxy server c) Apache reverse proxy etc d) It can detects when a backend server fails or recovers, and bases its load balancing decisions on this information: if a backend server fails, it will not receive requests until it recovers e) It can decrypts https requests to http ones f) Rejects incorrect requests h) It can be used in a chroot environment (security feature) If more than one back-end server is defined, Pound chooses one of them randomly, based on defined priorities. By default, Pound keeps track of associations between clients and back-end servers (sessions). Install Pound Software Type the following command to install pound: $ sudo apt-get install pound If you are using RHEL / CentOS, grab pound rpm here and type the command: # rpm -ivh pound* If you are using FreeBSD, enter: # cd /usr/ports/www/pound/ && make install clean How it works? Let us assume your public IP address 202.54.1.5.
    [Show full text]
  • Loadbalancer.Org Appliance Administration V5.5
    Loadbalancer.org Appliance Administration v5.5 Copyright © Loadbalancer.org Limited 2002-2007 Table of Contents Loadbalancer.org Appliance Administration v5.5................................................................................1 Introduction......................................................................................................................................4 Console configuration......................................................................................................................4 Remote configuration......................................................................................................................6 Edit Configuration...........................................................................................................................7 Logical Load balancer configuration..........................................................................................7 Modify Logical Virtual Severs ..................................................................................................7 Modify Logical Real Severs .....................................................................................................11 Modify Global Settings ............................................................................................................13 Modify logical Virtual Servers (Layer 7 HAProxy)..................................................................14 Modify logical Real Servers (Layer 7 HAProxy)......................................................................15
    [Show full text]