On Wed, 9 Dec 2009, Ryan Lynch wrote: > Hi, David, > > On Wed, Dec 9, 2009 at 12:30, <[email protected]> wrote: >> this sort of thing is possible today, without using round-robin DNS >> >> on linux there is an iptables option called CLUSTERIP that lets you create >> a single IP address on multiple machines, and each machine processes a >> portion of the traffic (based on a hash of one or more of dest port, dest >> IP, source port, source IP) > > ClusterIP is a heck of a neat technology, and it would definitely work > for a lot of load-balancing cases. > > But it does require that all of the participating hosts share a single > LAN segment. In my case, the "central" log-receiving hosts are are > different physical sites, and are separated by routers. > > I haven't thought this out, completely, but depending on the load > characteristics and proximity-distribution requirements, it might be > possible to use a combination of both: A per-site ClusterIP address > for the primary host, with various clever round-robin DNS records for > failover.
remember that even with TCP data can be lost in transit, so doing logging to remote sites is risky without using RELP. > Either way, thanks for the suggestion. > > >> if you have many systems sending to one central server they will be spread >> roughly evenly across the servers. if this is not even enough for you, >> version 5 has an option to close and re-open connections to the server >> every X messages, and since doing so changes the source port of the >> connection, this will spread the connections around the cluster more >> evenly. > > Do you happen to know what the name of that option is? That will come > in handy no matter how I end up implementing this. there are two seperate options, one for TCP, one for UDP (I don't know if the TCP option also affects other transports that use TCP like RELP, TLS, etc) # $ActionSendTCPRebindInterval nbr- [available since 4.5.1] - instructs the TCP send action to close and re-open the connection to the remote host every nbr of messages sent. Zero, the default, means that no such processing is done. This directive is useful for use with load-balancers. Note that there is some performance overhead associated with it, so it is advisable to not too often "rebind" the connection (what "too often" actually means depends on your configuration, a rule of thumb is that it should be not be much more often than once per second). # $ActionSendUDPRebindInterval nbr- [available since 4.3.2] - instructs the UDP send action to rebind the send socket every nbr of messages sent. Zero, the default, means that no rebind is done. This directive is useful for use with load-balancers. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
