On Wed, 14 Jan 2009, Atom Powers wrote: > I see two strategies emerging: > * Internal load balancing: let the servers negotiate between each other to > determine which one should service the request. aka linux-ha, carp. > But a pretty serious problem occurs if one or more of the servers fails in > such a way that it thinks all the other servers are down and all the other > servers think that it is down. I would rather not leave it up to the servers > in the cluster to decide if they have failed or not. > > * External load balancing: use a proxy or router to balance requests among a > cadre of servers. aka F5, pf rdr rules, ipvs/lvs. > But how do you make the load balancer highly available? A hardware load > balancer will be more stable than any server, but it can still fail.
it's basicly the same software running on the external box as you would put on the server. and if you use an external box you need to have two of them (so that if it fails you aren't dead), how do you think the two of them decide which is primary? you can't eliminate this problem by throwing external devices at it, you just move the problem to your external devices. > ipvs/lvs hasn't been updated since 2004 (the FreeBSD port was last updated > in 2005). While that might indicate a mature project, I'm skeptical; > especially given the amount of work that has gone into other networking > projects since then. LVS has been in the kernel (as opposed to an external module) for several years, the development is continuing, but in the kernel, not in the external module > linux-ha/heartbeat looks interesting, but sounds like it could be very > suceptabe to the situation where more than one server thinks that it should > be the only server. why do you think this? heartbeat can use multiple network channels between the boxes so that a switch failure won't cause you problems. you can configure it to check an external device as well, you can configure them to power the other box off if you think it's dead. at some point this should satisfy your needs. but the other question is 'what is the worst that happens if you do have a split-brain happen' what would happen is that both boxes would accept updates from the network, but they wouldn't replicate them so new changes would only go into one. depending on what you are doing with the system, this can range from an inconvienience, to a disaster. you need to decide this. if it's a disaster then you can configure heartbeat in it's most paranoid mode (power off the other system if you think it's sick), if it's not you can be less paranoid (simple redundant network connections are usually good enough) > I can build a pretty simple, and moderatly robust, load balancer using carp, > pf, and router-side scrips which should do nearly the same thing as a > layer-7 router. This seems like my best option at the moment. (It doesn't > *have* to be open source, but my CFO would appreciate it.) Unfortunatly pf, > as near as I can tell, doesn't do weighted redirection and would require > scripts, and associated load, to manage the IPs in the cluster. you really don't want to roll your own here unless you have very special needs. there are a lot of subtle interactions and failure modes that are easy to get wrong. you are better off taking advantage of the experiance and testing of others. David Lang _______________________________________________ Tech mailing list Tech@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
