9.1 - Health Checks.

Mentioning "root" here is not correct. Administration of ilbd should be defined through RBAC.

You list 7 privileges as required by ilbd but only one as being checked by the kernel. Why?

9.2 - External Methods

It sounds like the external method is fork'd every time the health check is activated. With enough servers, this could become a significant system overhead. You may wish to include some configuration option where the external method just keeps printing data on stdout. If this is what is meant by the design then it needs some editing.

9.3 Monitor

Are there any limits or problems if there are multiple users doing "ilbadm monitor" concurrently?

10 Packet Interception

Which packet filtering hook will the ilb code be introducing? And where would we put an additional hook if we wanted to enable people to do load balancing for local traffic?

Dropping fragmented packets is not acceptable. Talk to the IPsec guys for some tips on mitigating this problem. This will come back to bite us if it is implemented like this.

Health Checks.
==============

This design has a single daemon, with a single thread, that polls multiple servers to update a single pool of data in the kernel. If we assume that the in-kernel handling of requests from the daemon enforces MP-safety, why not run multiple daemons? i.e. run an ilbd per back end server (or at least a thread per back-end server.) You might still need a single daemon to act as the manager? *shrug*

This does away with the need to use poll/select/event_port as each thread/daemon is responsible for just one destination. This should also remove the ilbd main-loop from being a critical section of code, where slowdown from dealing with one external server can impact all of the others. Instead, scheduling of work is left up to the kernel to schedule threads/processes, depending on who's busy or blocked, etc.

Additionally, I'd like to see some discussion in the design document about the pros and cons of using separate SMF instances for each destination server in the back end. This ties in with running one ilbd process per-backend server and also gives you greater observability, with the possibility of reflecting backend server status in the status of the SMF instance responsible for it (for example.)
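
The scheduling argument in the "Health Checks" section above, as an added example that is not part of the original message and is not ilbd code. It is a simplified model: the server names and delays are constructed, and `probe` is a hypothetical blocking call standing in for any per-server work that stalls a single main loop.

```python
import threading
import time

# Constructed sample: simulated probe latency in seconds per back-end server.
# "srv-a" stands in for a server that is slow to answer its health check.
BACKENDS = {"srv-a": 0.30, "srv-b": 0.01, "srv-c": 0.01}


def probe(name, delay):
    """Stand-in for one health check (hypothetical; real code would do I/O)."""
    time.sleep(delay)
    return name, "alive"


def single_loop(backends):
    """One thread handles every server in turn, so a slow one delays the rest."""
    start, done = time.monotonic(), {}
    for name, delay in backends.items():
        probe(name, delay)
        done[name] = time.monotonic() - start  # when this status became known
    return done


def per_backend_threads(backends):
    """One worker per server; the OS scheduler interleaves the waits."""
    start, done, lock = time.monotonic(), {}, threading.Lock()

    def worker(name, delay):
        probe(name, delay)
        with lock:  # the shared status table is updated under a lock
            done[name] = time.monotonic() - start

    threads = [threading.Thread(target=worker, args=item)
               for item in backends.items()]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return done


if __name__ == "__main__":
    for model in (single_loop, per_backend_threads):
        times = model(BACKENDS)
        print(model.__name__, {k: round(v, 2) for k, v in times.items()})
```

In the single loop the status of srv-b and srv-c only becomes known after srv-a has answered; with one worker per server each status is known after that server's own delay.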
