Eventually I did get this working today. I keep the VIP on every lo in the cluster. Every machine in the cluster starts as a backup director. One of them will get elected as Master director by keepalived and all the rest will receive syncronization broadcasts from the master director.
The trick was, I used netfilter Marks to determine what traffic to load balance, and I configured keepalived to add the netfilter rules to iptables when it becomes a master and remove them when it's a backup. This way, LVS on the backups does not try to load balance incoming connections a second time, and they can just act as real servers. This gives me a cluster where all machines are peers. One of them just happens to be the director at any given time. I'm going to use this to provide 1 click clustering for our CIPAFilter products. They already have the ability to detect each other via broadcasts, so after a little more glue tommorow, a customer with load problems will be able to slap a few more cipafilters into their rack, click one checkbox, and have a fully load balanced high availability cluster. Great work on this stuff guys. Honestly, I had no idea it was so powerful or I would have implemented it years ago. David -----Original Message----- From: [EMAIL PROTECTED] on behalf of Joseph Mack NA3T Sent: Tue 10/23/2007 7:34 PM To: LinuxVirtualServer.org users mailing list. Subject: Re: [lvs-users] FW: Self Configuring High Availability LVS with Keepalived On Tue, 23 Oct 2007, David Hinkle wrote: > I'm trying to put together a self configuring high > availability LVS. Each of my units is a proxy server. > Each of them is identical, except a little configuration, > and I intend them to come up, elect a director, and serve > content. this was a highly hoped for goal in the early days of LVS. The director isn't all that different to a realserver. When a director fails out, one of the realservers should be able to take over, presumably automatically. The service listening on the VIP would have to be shut down on going from realserver to director. However one we got the two director failover working, people lost interest. One working scheme was enough, at least for the moment. > I notice when I have a unit in BACKUP state, when I do > "ipvsadm" I see all the lvs stuff is configured in the > kernel. > > Does this mean that the unit will try to do load balancing > when a connection comes in instead of just ignoring it and > allowing the proxy server's user space software to process > it? usually a director in backup state doesn't have the VIP, so there are no packets for it to ignore. If you sent it packet for the VIP backup director would loadbalance them. > If so, Can I configure keepalived in such a way that the > ipvsadm stuff isn't set up until a unit goes to MASTER? it doesn't take any time to setup ipvsadm, so yes. > And if so, will the connection state information > successfully synchronize? once the demon starts and lets the partner demon in the other director know where it is Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
