Slashdot Mirror


Building a Linux Virtual Server

prostoalex writes "NewsForge (an OSTG site) has an article that discusses the details of building a cluster for a virtual server - an environment where one can add and remove machines as needed, to account for a high-traffic Web site or intensive database application: 'The main advantage of using LVS is that unlike Microsoft network load-balancing clusters, the LVS allows you to add a node running any operating system that supports TCP/IP to the cluster.'"

93 comments

  1. PC's are not for networking by gtrubetskoy · · Score: 4, Interesting

    First of all, the Linux Virtual Server project is a misnomer, because a Virtual Server these days means a virtualized operating environment similar to what is provided by VMWare, Xen, Linux Vserver, etc.

    Second, IP Load Balancing is not new and is much better done by a hardware device such as Cisco CSM, Foundry ServerIron, Nortel Alteon, etc. These things boot in seconds, use ASICs, can process orders of magnitude more packets per second than a Linux box can, have no moving parts (except for the fans), are easily configured, can be set up in a fail-over configuration, speak routing protocols, etc, etc.

    The Linux Virtual Server is a good project to tinker around with if you would like to understand load-balancing concepts better and do not have the $$$ for a hardware device, but I would not even consider designing a mission-critical solution using LVS instead of a hardware load-balancer.

    I remember back in my ISP days we purchased a small provider with a few T1's all running on Linux-based routers. They had a tendency to lock up and were very awkward to manage for many reasons (e.g. upgrading the kernel was a risky procedure that required way more downtime than necessary) and we replaced them with real routers pretty quickly. I kinda suspect that Linux Virtual Server may be a similar type of experience - PC's just don't make good network devices for some reason.

    Of course I'll probably get flamed for this comment...

    1. Re:PC's are not for networking by badriram · · Score: 2, Insightful

      I agree that PCs do not make very good network devices. But they offer something in price that none of the other appliances I know of can match.

    2. Re:PC's are not for networking by Dasein · · Score: 4, Insightful

      Many F5 appliances were not much more than FreeBSD PCs

      --
      You are not a beautiful or unique snowflake -- but you could be if you got off your ass.
    3. Re:PC's are not for networking by Serveert · · Score: 3, Informative

      With keepalived doing health checks / failover and using single CPU LVS boxes, it can handle your mission critical apps just fine. DR (direct route) would be more efficient than NAT since you would cut in half the traffic going through your LVS box. The key is single CPU systems, LVS doesn't like multiple CPUs much and it doesn't add much value (according to certain people in the LVS project).

      --
      2 years and no mod points. Join reddit. Because openness is good.
    4. Re:PC's are not for networking by Anonymous Coward · · Score: 1, Informative
      Really true! Our best Loadbalancer appliance, 5 years without one single failure, is actually a BSD.

      Also Nokia CheckPoint appliances are BSD!


      My .02E

    5. Re:PC's are not for networking by Bluesuperman · · Score: 1

      I would have to disagree with you here on a number of points. I am not sure what distro of Linux you were using and why you had all the down time? Upgrading the kernel should only require a reboot? So the down time is how long it takes your server to boot up. Did you ever look into the lock up issue? Could it be bad hardware or driver hardware mismatch? The only time I have ever locked up a Linux server was when I was using hardware that was not supported or I was using hardware with incorrect modules. Michael

      --
      Linux: For those able to think out side of a window
    6. Re:PC's are not for networking by Serveert · · Score: 1

      hmm I've created LVS patches, I provide detailed information about LVS... and my post is flagged as flamebait vs the original poster who speculated that LVS is a child's toy?

      Hmmm.

      --
      2 years and no mod points. Join reddit. Because openness is good.
    7. Re:PC's are not for networking by __aanonl8035 · · Score: 2, Insightful

      I want to second your comment as I have had a similar experience. Now, do not get me wrong... I love linux. I have used RedHat and Debian for all kinds of tasks.
      I worked for a small ISP in the mid 90s and there were times, when in a pinch I had to set up a linux router or load balancer. And I got them to work. But there was always a lot of effort involved in getting it to work, and they were always precarious in operation. It was scary to do upgrades. It was scary to have hard drives fail.
      It was always just so much simpler to get a more expensive Cisco box in the long run due to its design, documentation, and performance.

    8. Re:PC's are not for networking by SirGeek · · Score: 2, Interesting

      Toss in a 2nd PC, use Mon, and use Linux HA and you've got yourself a high availability cluster that can route almost TCP IP or UDP traffic for far less cost than a "real" load balancer not to mention can do far MORE than a load balancer. We are using LVS and HA at my 9to5 job for load balancing our new Webservers. It's super reliable. We have it such that within 10 seconds of a web server not being available, it's removed from the LB. Once it's back up and running, it adds the server back in automatically.
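
Added example, not part of the thread and not the configuration of Mon or Linux HA: a replay of health-probe results showing how a failed web server drops out of the pool within 10 seconds and rejoins automatically. The server names, the 3-second probe interval and the `fall`/`rise` thresholds are assumptions of this sketch, and the probe timeline is constructed.

```python
"""Pool membership driven by health probes (constructed data, added example)."""

PROBE_INTERVAL = 3            # seconds between probes (assumed)
WEB1_DOWN = range(10, 30)     # constructed outage: web1 unreachable for 10 <= t < 30


def track_pool(probes, fall=3, rise=2):
    """Replay (time_s, server, ok) probe results and return membership events.

    A server leaves the pool after `fall` consecutive failed probes and
    rejoins after `rise` consecutive successful ones, so a single lost
    probe does not evict a healthy server.
    """
    in_pool = {}   # server -> currently receiving traffic?
    streak = {}    # server -> (last probe result, consecutive count)
    events = []
    for t, server, ok in sorted(probes):
        member = in_pool.setdefault(server, True)
        last, count = streak.get(server, (ok, 0))
        count = count + 1 if ok == last else 1
        streak[server] = (ok, count)
        if member and not ok and count >= fall:
            in_pool[server] = False
            events.append((t, server, "remove"))
        elif not member and ok and count >= rise:
            in_pool[server] = True
            events.append((t, server, "add"))
    return events


def constructed_probes():
    """Two hypothetical real servers probed every PROBE_INTERVAL seconds."""
    probes = []
    for t in range(0, 43, PROBE_INTERVAL):
        probes.append((t, "web1", t not in WEB1_DOWN))
        probes.append((t, "web2", t != 21))   # web2 loses exactly one probe
    return probes


def detection_delay(events, server, failed_at):
    """Seconds between the real failure and the removal from the pool."""
    for t, name, action in events:
        if name == server and action == "remove" and t >= failed_at:
            return t - failed_at
    return None


if __name__ == "__main__":
    events = track_pool(constructed_probes())
    print(events)
    print("web1 removed after", detection_delay(events, "web1", 10), "s")
```

Worst-case detection time is roughly `fall` times the probe interval, so the thresholds trade removal speed against tolerance for a single lost probe.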

    9. Re:PC's are not for networking by Anonymous Coward · · Score: 0

      better and do not have the $$$ for a hardware device

      Don't forget the $$$ $$$ for the second hardware device, in the event of the failure of the first one.

    10. Re:PC's are not for networking by AtlanticGiraffe · · Score: 2, Interesting

      Many administrators prefer out-of-the-box solutions. There are good reasons for that. Their simplicity makes them secure, because there are fewer opportunities for mistakes. This is a completely valid point that should always be taken into account when choosing a load balancer.

      That said, Linux Virtual Server is relatively easy to set up (for your average unix sysadmin), very reliable, fast and scalable. It is not inherently slower, less reliable or more dependent on moving parts than any hardware solution. If you prefer no moving parts, run LVS on a solid state machine. Don't judge it by the hardware others choose to run it on.

      With keepalived, eliminating the obvious "single point of failure" is no problem at all and various scripts have been written to facilitate LVS cluster management. We all know that any piece of hardware will eventually fail, be it from Intel, Western Digital or Cisco. Therefore, redundancy is usually a better bet than "reliable" hardware.

      When your LVS box gets heavily loaded (meaning that you did something wrong, used hardware from the early nineties or got slashdotted), you can upgrade it at will. Replacing your 1.5GHz Intel chip with a 3.0GHz one should be a lot cheaper than buying a new Cisco box.

      And one last point: Having a full-fledged OS running on the frontline can be convenient and may allow for better hardware utilisation. For example your LVS box might run a realserver itself, or other services that have nothing to do with the cluster. Scalability means being able to scale down as well as up.

    11. Re:PC's are not for networking by evilviper · · Score: 1
      These things boot in seconds,

      Check.

      can process orders of magnitude more packets per second than a Linux box can,

      How did you benchmark this? What options were you using? I'd like to know. It's hard to argue with a vague blanket statement.

      have no moving parts (except for the fans)

      Check. It's trivially easy to put a Flash HDD in a PC.

      are easily configured

      Vague and debatable...

      can be set up in a fail-over configuration

      Check.

      speak routing protocols

      Check.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    12. Re:PC's are not for networking by jeks313 · · Score: 1

      I would argue that LVS is a fine alternative to costly hardware based load balancers. I have tried both hardware based load balancers from Cisco and used LVS. Using LVS I have provided sites with 5 9's worth of uptime. With keepalived and two load balancers you achieve a very robust and flexible system. My 2c worth? If you are requiring load balancing, cater to your strengths. If you have a lot of experience running Linux and want something that costs just the simple hardware, use LVS. If you know Cisco inside out and already have an investment in Cisco gear use Cisco (or F5, Nortel, etc). I have seen people follow the 'hardware is so much better' approach and gone with solutions they were not skilled with, did not keep up to date with, and were uncomfortable using to their full extent. That leads to user error, lag time in patching security holes, and all sorts of nasties. To finish with my own 'back in the days' anecdote, we initially *did* purchase a dedicated load balancer. It was a Cisco Local Director and was very poorly suited to the task of load balancing. The Cisco cost $10,000 and we replaced it with 2 P3-666's running LVS and heartbeat, for a cost of just over $2000. The LVS solution was *far* superior at the time to the Local Director and much more flexible, and went on to achieve close to 500 days of uptime on both directors. At which time the power went out, generators kicked in, UPS fuse blew and all redundancy was for naught in that data centre.

    13. Re:PC's are not for networking by Shads · · Score: 1

      I've deployed linux as routers a few times and for the most part in days past your opinion mirrors mine. However kernel 2.4 and 2.6 have greatly improved the usability of linux as a router. They're about on par now with low end hardware networking devices from the bigname companies... they still can't compare to a "real" router though... maybe someday-- after we get away from moving parts :)

      There are some interesting things you can do with linux as a router that you can't do with a hardware device though. Shrug. Flexibility for stability. I've always deployed linux as a router in a fallover configuration, if at any point the first router goes down, locks up, etc... the second takes over operations inside a second or two and notifies me. It's kept things stable in situations where things could have gotten really ugly really fast (hard drive failure, dead ups, nic failure.)

      Also a lot of the problem I've seen with using a linux box as a router comes from the fact people tend to toss "eh, whatever" machines out to do the job, very few people actually BUILD a pc with use as a router in mind... it's an after thought. Designing with use as a router in mind lets you make some wise choices and decisions that you might otherwise miss (redundant powersupplies, lockup detection hardware, raid 1/0 with 10k sata drives (helps with swap and boot speeds), alternate methods of doing init (multithreaded), etc..) shrug.

      But mhz to mhz no linux machine is *ever* going to touch a hardware solution... course you don't see a lot of 4 processor 3ghz routers with 4g of ram either.

      --
      Shadus
    14. Re:PC's are not for networking by shokk · · Score: 1

      This brings up the chinese menu of the tech world:
      cheap, reliable, fast - pick two.

      --
      "Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
  2. It's a nice tool... by ProfaneBaby · · Score: 1

    Combine that with something like Virtuozzo from SW-Soft or (the now dying) ServerXchange from Ensim (webhosting virtualization software packages) and you could cluster VPSes together and have the added virtualization over hardware that would let you move OS images around between machines.

    You could move the systems in and out of the cluster, but you could also move the OS install around on different hardware. Reliability through virtualization, it's a great thing.

    --
    Video Phone Blogs send video messages straight to the web.
    1. Re:It's a nice tool... by silas_moeckel · · Score: 1

      Ew ServerXchange, actually Virtuozzo and PEM from SW play rather nicely with load balancers. You have to make the users data get mirrors any way you can (iSCSI and software raid rock for this) Hsphere has a similar tack but only officially plays nice with NetApp (works with the OSS version ok though)

      As to load balancing it's really a toy when compared to the hardware boxes and a few year old arrowpoint (now cisco) boxes can be had for under 500 used that go faster than any linux box can think of with less latency.

      --
      No sir I dont like it.
  3. just to get it out of the way by kalpol · · Score: 1, Funny

    Imagine a Beowulf cluster of...never mind.

    --
    12:50 - press return.
  4. Don't forget the importance of keepalived by Serveert · · Score: 2, Informative

    http://www.keepalived.org/

    What is Keepalived ? ...

    So in short keepalived is a userspace daemon for LVS cluster nodes healthchecks and LVS directors failover.

    --
    2 years and no mod points. Join reddit. Because openness is good.
    1. Re:Don't forget the importance of keepalived by Dasein · · Score: 1

      Yeah, what he said. However, the TFA said:

      Although the above-described virtual server setup (virtual server via NAT) can meet the performance requirements of many servers, the design is limited by the load balancer, which is a single point of failure for the whole cluster. However, you can eliminate this bottleneck by having multiple virtual servers, each connected to its own cluster of real servers, grouped together at a single domain name by round robin DNS.

      Do two machines with failover before you do round-robin DNS.

      --
      You are not a beautiful or unique snowflake -- but you could be if you got off your ass.
    2. Re:Don't forget the importance of keepalived by Serveert · · Score: 1

      Agreed, RR DNS is not good for many reasons.

      --
      2 years and no mod points. Join reddit. Because openness is good.
    3. Re:Don't forget the importance of keepalived by Serveert · · Score: 0, Offtopic

      I provide a link... more flame bait from me, yes, yes, indeed.

      --
      2 years and no mod points. Join reddit. Because openness is good.
    4. Re:Don't forget the importance of keepalived by LiquidRaptor · · Score: 1

      You know, I see 2 posts on the first quarter page with your bitching about moderation, however both posts have high points, I think you need to stop being so anal about your mod points and let it sort itself out, or post your bitching anonymously.

  5. Dubious benefit? by Sv-Manowar · · Score: 2, Insightful

    The article seems to suggest placing a large number of real servers behind a single virtual server. Surely this is putting a point of weakness in front of a potentially redundant cluster. Load balancing has been done better by specific hardware made by Foundry and the like. I'm not seeing the benefit over 'traditional' clustering with this solution.

    1. Re:Dubious benefit? by imemyself · · Score: 1

      Well I'm sure it doesn't cost anywhere near as much. I mean 100% redundancy isn't necessary for everything.

      --
      Every time you post an article on Slashdot, I kill a server. Think of the servers!
    2. Re:Dubious benefit? by georgewad · · Score: 2, Informative

      You have the option of a hot spare lvs server, at least in RedHat's implementation.

      --
      Karma: It's not just a good idea. It's the law.
    3. Re:Dubious benefit? by havardi · · Score: 1
  6. Sweet ! by ilikeitraw · · Score: 2, Funny

    Do you need to buy special glasses ?

  7. Can you imagine!? by Brandon+K · · Score: 1

    Can you imagine a Beowulf cluster of these clusters for virtual servers?!?

    1. Re:Can you imagine!? by Anonymous Coward · · Score: 0

      Yes, but the important question is, would it run Linux?

    2. Re:Can you imagine!? by Agarax · · Score: 0, Redundant

      > Can you imagine a Beowulf cluster of these clusters for virtual servers?!?

      Only if they are in Soviet Russia.

      --
      Remember folks, slashdot doesn't have a -1 "disagree" moderation!
    3. Re:Can you imagine!? by Anonymous Coward · · Score: 0

      Only if they are in Soviet Russia.

      Managed by old chinese people.

  8. Database? by XanC · · Score: 1

    Why does the summary talk about intensive database applications? Not only are databases not mentioned in the article, but having a database server that the Web servers need to talk to would be a huge bottleneck for this configuration.

    1. Re:Database? by MikeFM · · Score: 1

      MySQL and some other db servers can handle load balancing across multiple machines using their own methods. You're probably right that the db is often a weak point (which is one reason I don't like cramming unneeded logic into the db and forcing the db to do extra work) but every part of a web server farm should be able to use load balancing in some way or another if you write your web apps right.

      I use a cluster for front-end logic (templating) and another for back-end logic. When I need to I'll do likewise with my db needs. Most of my load balancing is through DNS which seems to work well for me with appropriate proxy servers on the front instead of LVS.

      --
      At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
    2. Re:Database? by Anonymous Coward · · Score: 0

      What? I had a site that was doing tracking of user accounts and movement through the site in the db and ad campaign links - and it was moving multi-million hits per day per front end server and 8+ GB per day of traffic per front end server all connected to a medium level 1U mysql server doing more than 1200 qps 24/7.

      It worked/works fine. I have heard of more people having problems with F5 crap than LVS.

      Here is a guy who did some prelim throughput tests for LVS on FreeBSD: http://dragon.linux-vs.org/~dragonfly/software/doc/ipvs_freebsd/performance.html

  9. Built one. by NovySan · · Score: 5, Insightful

    Great for http. Bad for nfs and smb/cifs.

    1. Re:Built one. by Anonymous Coward · · Score: 0

      Tell us more. Pretty please?

      Bad for cifs/nfs as in they just don't work, or more like performance sucks?

    2. Re:Built one. by AtlanticGiraffe · · Score: 1

      I don't think they meant it to be used with protocols like nfs and smb/cifs. This kind of load balancing performs very well with "simple" tcp-based protocols, ones that make a socket connection, exchange some data, and then close it.

      Therefore, it's been used with great success for HTTP, SMTP, IMAP, POP and so on.

  10. What about transparancy? by Jailbrekr · · Score: 3, Interesting

    With any load balancing solution, if a server goes down with an active connection, that connection gets reset. It doesn't matter if you are using LVS, pen or pound, the level of transparency isn't quite there yet.

    Personally, I am an advocate of pound for http/s load balancing, because it's simple, has central logging, and handles ssl authentication itself (thereby keeping the back end servers simple)

    Check it out:

    http://www.apsis.ch/pound

    --
    Feed the need: Digitaladdiction.net
    1. Re:What about transparancy? by Bluesuperman · · Score: 1

      Really ... what about the LVS scheduler that tracks TCP connections between LVS servers so if one goes down the other server that becomes master will NOT reset the TCP connection ?? Michael

      --
      Linux: For those able to think out side of a window
    2. Re:What about transparancy? by Jck_Strw · · Score: 1

      Very interesting. I must confess my ignorance, I'd never heard of pound before.

      Can pound send requests to backend servers on different subnets? That would be really cool.

    3. Re:What about transparancy? by Anonymous Coward · · Score: 0

      Wrong, wrong, wrong. LVS has connection sync supported, so when failover happens the new master assumes the connection right where it left off. Learn something about this shit before posting so authoritatively...

  11. Cluster is also a misnomer by PornMaster · · Score: 1

    What the article talks about is a web server farm. The servers aren't migrating data among each other... and since the author suggests using round-robin DNS for redundancy instead of DNS-based wide area load balancing and/or having a failover-style cluster setup so one machine going down activates a standby... well... while it may be useful to get people playing with things on their home network, it's not anything people who want to keep their jobs should be doing unless they're on a near-zero budget and using old desktops as web servers.

  12. DEC was leading this field in the late 1980s. by CyricZ · · Score: 2, Interesting

    DEC did a fair bit of research and development into such composite systems back in the late 1980s. That is why today systems like Tru64 UNIX are so adept at virtual networked systems. It's too bad that HP has squandered the gem it picked up from DEC (via Compaq) in Tru64.

    --
    Cyric Zndovzny at your service.
  13. Actually... by jd · · Score: 2, Interesting
    ...A cluster is exactly what you want, as opposed to one of these virtual servers.


    A "true" virtual server allows a cluster to be treated as a single machine, from the outside. However, the problem with LVS - and similar technologies - is that they don't do this very well. You often have a single entry point, which means that communication suffers from the bottleneck.


    Ideally, what you want is for ALL the machines to be capable of receiving connections, so that connections can be striped across the farm, which means that you aren't slowed by connection limitations.


    What you then want is to transfer connections within the farm, so that you can balance load by resources available, rather than by simply giving each machine an equal number of connections.


    Finally, the internals of the farm need to use some very good communications systems. GAMMA looks good, and I'd probably advise using Lustre or GFS over SMB or NFS.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Actually... by illumin8 · · Score: 1

      A "true" virtual server allows a cluster to be treated as a single machine, from the outside. However, the problem with LVS - and similar technologies - is that they don't do this very well. You often have a single entry point, which means that communication suffers from the bottleneck.

      You are correct. I fail to see what the big deal about this "Linux Virtual Server" is. First of all, it's a terribly chosen name. It seems to imply that you're running some type of "beowulf"-like cluster across multiple physical boxes. That couldn't be further from the truth.

      This looks like a poor attempt to imitate layer 3 switching using a Linux box. Basically, the same thing that F5 BigIPs and Cisco LocalDirector boxes have been doing for years now, but with a single point of failure so that when your one load balancer goes down or gets bandwidth saturated, every service on your network crashes hard.

      Bzzt... Thanks for playing, please come again.

      If you're running a layer 3 switch like this to spread web content requests among multiple Apache servers, you better have an active/active or active/passive failover node because it will eventually fail, and when it does, you've just eliminated 90% of the benefit that a layer-3 switch provides: Providing a single service with multiple physical servers in order to eliminate single points of failure.

      --
      "When the president does it, that means it's not illegal." - Richard M. Nixon
    2. Re:Actually... by Iamnoone · · Score: 1

      What is GAMMA? I found some projects related to gamma radiation, but not load balancing.

    3. Re:Actually... by Anonymous Coward · · Score: 0

      A cluster is exactly what you want and Ideally, what you want is for ALL the machines to be capable of receiving connections

      Any cluster has to have some mechanism for either distributing connections to the members of the cluster or alternatively (and more expensively) the cluster members need to share info about who is servicing what connections. I haven't heard of any magic way to do that so far. LVS does a pretty damn good, cheap, easy, good performing, low overhead job of handing out the connection assignments.

    4. Re:Actually... by jd · · Score: 1
      Freshmeat record


      Main website


      GAMMA is a high-performance, low-latency, non-routable protocol, designed for clusters on a single LAN. The web page isn't that well written, but the code itself seems pretty solid and is for the 2.6 kernels.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  14. Web servers...? where? by DogDude · · Score: 1

    There's a mention of databases in the article summary (which piqued my interest), but the article was ONLY about web servers (snore). What kind of summary was that?

    --
    I don't respond to AC's.
  15. OKAY WHO'S THE TARD WHO MODDED THIS FLAMEBAIT by Dasein · · Score: 1

    Not only am I an F5 customer and have many friends who work there but I once worked with a company that occupied space formerly occupied by F5.

    Get this, the system that controlled card-key access was a *VERY* early F5 box that they had installed Windows on.

    --
    You are not a beautiful or unique snowflake -- but you could be if you got off your ass.
  16. WLBS vs LVS by markclong · · Score: 4, Interesting

    Looking at these images (LVS and WLBS) it seems with LVS there is a single point of failure with the load balancer box. With Windows load balancing there is no "balancer box" and if any one server fails the cluster continues without missing a beat.

    How does LVS work if the balancer box fails?

    1. Re:WLBS vs LVS by Anonymous Coward · · Score: 1, Informative

      Add a second load balancer box and fail over to it. Connection-wise, it's seamless.

    2. Re:WLBS vs LVS by AtlanticGiraffe · · Score: 2, Informative

      Microsoft has that SPOF too, they're just calling it a router. Keepalived lets you set up two separate load balancer boxes for redundancy. When your primary fails, the secondary takes over and sends you an email about it. Everyone else will never know.

  17. my experience by buddha42 · · Score: 3, Insightful
    Back when I worked for my college's web department I oversaw moving their website from the old server platform to a load balanced cluster of x86 servers using LVS/linux/apache/php/mysql. It is not a minor undertaking in any way. Configuring, tweaking, and troubleshooting all the various elements requires an intense amount of trial and error and confusion. Think of it like sendmail or asterisk (it's not quite that bad). Overall, the cost of implementing it in manhours and downtime from learning-experiences weren't worth it being "free". If I had to do it again, I'd buy real network equipment. Even if used off ebay, just get a failover pair.

    Now if someone came out with a good embedded linux running lvs with a nice web and cli interface, on solid state hardware, that was a decent amount cheaper than brand name equipment, put up a respectably professional looking site, and develop a loyal following, I'd consider it.

    1. Re:my experience by MikeFM · · Score: 1

      LAMP configuration is pretty easy usually. I assume it was the use of LVS for load balancing that made things difficult for you? What kind of issues did you have?

      Did you try just using DNS for load balancing? That's proven easy and reliable for me.

      Did you support users' websites too? How did you distribute their files among the different servers?

      --
      At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
    2. Re:my experience by T-Ranger · · Score: 1

      Perhaps. But was the hard part configuring LVS, or configuring your web apps to play nice in a even more-stateless environment? It's been a few years, but I suspect that if necessary, I could get up and running a pair of (fall over) LVS director boxes, and configure a handful of backend systems in a good day. Tweaking the backend systems, testing... that's another story; but that time would be consistent across LVS and commercial solutions.

    3. Re:my experience by Anonymous Coward · · Score: 0

      It is not a minor undertaking in any way.

      I think that may have been true when you have to compile in kernel modules and deal with arp problems. These things have been resolved to the point where you need about four sets - add the ip aliases, set sysctl for the arp setup and use ipvsadm to allow load balancing on whichever ports you want.

  18. Shared disks etc? by Colin+Smith · · Score: 1

    No? You don't even need them physically connected these days, SCSI over IP can do it.

    LVS isn't really an ideal system, the load balancer is bound to be the box that dies.

    For a clustering project :

    http://www.linux-ha.org/

    --
    Deleted
    1. Re:Shared disks etc? by CRBML · · Score: 1

      How do you figure the load box is the one that goes....? And a non physical connection as efficient? http://www.redfishonfly.com/

      --
      Capt. Rob Blake
    2. Re:Shared disks etc? by CRBML · · Score: 1

      How do you figure the load box is the one to go...? And a non-physical connection...HOW? http://www.redfishonfly.com/

      --
      Capt. Rob Blake
  19. CmdrTaco are you there? by maelstrom · · Score: 1

    Back in the day you would have been so sensitive about this sort of cross site promotion, but I guess it's all about the stock price these days, huh?

    --
    The more you know, the less you understand.
  20. Nice, but in the real world (ie: Live on the WWW?) by niteware · · Score: 2, Insightful

    LVS is not really new news and it is a nice hack and has some good use cases. But in the real world 'dictated and redundant ' load balancers (such as BigIP, etc..) are the only way you are going to run a 24/7 large dynamic web site. Would you REALLY place ONE box (Linux or not) as the gateway/proxy to your web farm, if so, then make so it is a fully redundant box (including CPU) otherwise on the day after the melt down start looking for another job. And if you really place one fully redundant box as your web farm proxy the money you spent on it is going to 10x the cost of a few BigIPs and that big box is not going to be running Linux anyway.... And a warm LVS spare is not really an option either if you are running a 24/7 site, setting up a keep-alive response system to determine if your LVS box croaked and automatically re-writing some IOS routing to use the warm spare is wrought with issues (I've seen some great setups and hacks, but not something that I would use in any type of business that is counting on revenue from their web site).

    And as far as 'intensive database application' as quoted in the article, LVS does nothing for you in terms of database synchronization. If you are running a site generated from fairly static data that is synced once in a blue moon then OK you can roll a SQL engine onto each box in the farm and sync them via remote scripts, but that is not what I would call a 'intensive database application'.

  21. whine whine; check out ultramonkey by havardi · · Score: 3, Informative

    They have different configurations explained here:
    http://www.ultramonkey.org/3/topologies/

    They even have an example where 2 machines act as both real servers and directors:
    http://www.ultramonkey.org/3/topologies/sl-ha-lb-overview.html

  22. It's a loadbalancer. by ARRRLovin · · Score: 1

    Like the products from F5, Cisco and Coyotepoint. I thought it was going to be like VMWARE or MSVirtual Server.

    --
    -Randy
  23. Re:Nice, but in the real world (ie: Live on the WW by Serveert · · Score: 2, Informative

    keepalived allows for hot standby and even active-active setups. Plus LVS syncs state via multicast. Also, no hacking of routing tables needs to be done, the standard IP takeover works. I've used it in production, taken down the primary, failed over seamlessly, state was synced, no lost connections. It worked fine at 1000 connections/second. Have you done this?

    --
    2 years and no mod points. Join reddit. Because openness is good.
  24. Want more intelligence by FridayBob · · Score: 1

    The last time I tried this stuff out was in 2002. I had a minimal setup with two frontend and backend servers. The frontend machines shared a virtual IP address and kept track of one another using a heartbeat. However, the main limitation, as far as I was concerned, was the algorithm used to distribute the requests among the backend machines. It was just that, an algorithm: not anything intelligent.

    The problem is that some client requests are 'bigger' than others. If one of my machines got swamped by one or more 'big' requests, then that algorithm would keep sending every other request to that machine even though the other machine was asleep. What I would like to see is a way for the LVS to monitor the loading on the backend machines and always send the client requests on to ones that currently have the least to do. This would, of course, mean that monitoring software would have to be installed on the backend machines so that they could constantly relay their status (CPU load, disk activity, available memory) to the LVS. Too complicated? I wouldn't know. However, it's an idea that just makes more sense to me.

    1. Re:Want more intelligence by Doppleganger · · Score: 1

      There are several monitoring programs you can use to control what you're talking about... You would probably want to look into keepalived (for basic monitoring of responses from the real servers) or lvs-kiss (for more in-depth monitoring of various stats).

      In a lot of cases, just using an algorithm that watches the number of connections on the servers will cover this... the swamped machine will end up with more pending connections, causing further requests to be balanced out to the other servers instead. Use one of the available monitors to fine-tune it and handle failing out a server if needed, and everything should be pretty balanced.

    2. Re:Want more intelligence by Anonymous Coward · · Score: 0

      There are some more exotic alternatives now that may not have been available previously. One is called "weighted least connection - wlc" and the other is "never queue - nq"; both seem to be along the lines of what you wanted. Scheduler logic is pluggable, so you could write one that did more tracking; it didn't look that complicated when I looked at the sample code.

      Resonate http://www.resonate.com/ - great software - does do scheduling based on individual server load parameters. They seem to have brought back their free 2 machine set up for Linux. http://cgi.resonate.com/solutions/literature/data_sheet_cdexpress.php

    3. Re:Want more intelligence by mrball_cb · · Score: 1

      It's called wlc (weighted least connection) algorithm. It does what you want because you can infer the loading of the server by how long it takes to close the connection. Also similar to this is the sed (shortest expected delay) algorithm and the nq (never queue) algorithm.

      The wlc algorithm does have a small drawback though. When a new server is brought into the cluster, the wlc algorithm hammers the new server since it is starting out with zero connections compared to the active servers. The sed overall seems to be one of the best solutions since it theoretically yields a consistent, nearly average response time for all inbound connections (tries to keep connection response times near the center of the bell curve). The nq algorithm just says to always assign a job to an idle server instead of waiting for a fast one.

      Personally we just use wrr (weighted round robin) on a dual LVS system with failover. We haven't had the opportunity to test sed yet, but it looks applicable to our needs. The wrr algorithm works for our 50-something load balanced hosts handling about 120 million packets per day (mostly http and https, but also ldap internally), so we don't "fix it". We don't use shared disks, so we avoid a lot of the complexities inherent with those types of systems.
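
The wlc, sed and nq selection rules discussed in this sub-thread can be compared side by side in a small model. This is an added example, not code from any commenter or from the LVS project; the cost formulas are a simplified rendering of the schedulers as I understand them, and the server names, weights and connection counts are constructed.

```python
from dataclasses import dataclass

@dataclass
class RealServer:
    name: str
    weight: int          # administrator-assigned capacity
    active: int = 0      # established connections
    inactive: int = 0    # connections winding down

def wlc_cost(s):
    # Active connections dominate; inactive ones count for little.
    return (s.active * 256 + s.inactive) / s.weight

def sed_cost(s):
    # Expected delay if this server also takes the new connection.
    return (s.active + 1) / s.weight

def pick(servers, algo):
    pool = [s for s in servers if s.weight > 0]   # weight 0 = drained
    if not pool:
        raise RuntimeError("no real server available")
    if algo == "wlc":
        return min(pool, key=wlc_cost)            # ties: first in list
    if algo == "sed":
        return min(pool, key=sed_cost)
    if algo == "nq":
        idle = [s for s in pool if s.active == 0]
        return idle[0] if idle else min(pool, key=sed_cost)
    raise ValueError(f"unknown scheduler: {algo}")

def burst(servers, algo, n):
    """Assign n new connections, none closing meanwhile; count per server."""
    counts = {s.name: 0 for s in servers}
    for _ in range(n):
        chosen = pick(servers, algo)
        chosen.active += 1
        counts[chosen.name] += 1
    return counts

def new_server_burst(algo="wlc", n=50):
    # Constructed farm: two loaded servers plus one freshly added.
    farm = [RealServer("web1", 1, 100), RealServer("web2", 1, 100),
            RealServer("web3-new", 1, 0)]
    return burst(farm, algo, n)

if __name__ == "__main__":
    print(new_server_burst())                     # every connection hits web3-new
    idle = [RealServer("slow", 1), RealServer("fast", 10)]
    print(pick(idle, "wlc").name, pick(idle, "sed").name)
    busy = [RealServer("slow", 1, 0), RealServer("fast", 10, 1)]
    print(pick(busy, "sed").name, pick(busy, "nq").name)
```

With equal weights the burst shows the new-server pile-up described above; the two-server cases show where the three rules disagree once weights differ.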

  25. Seriously? by o-hayo · · Score: 1
    Round Robin DNS?

    *Yawn* Nothing to see here...

    ps. burn karma burn!!!

    1. Re:Seriously? by Anonymous Coward · · Score: 0

      You my friend are a fucken idiot to think round robin DNS is a solution to load balancing!

  26. Lame Article ... Excellent Software by Anonymous Coward · · Score: 5, Informative

    Unlike most of the posters sharing their 'wisdom' on the merits (or lack thereof) of using PC's for networking ... I can say that I recently setup a load balancer using LVS in front of my Web cluster (of 6 dual Opteron's). It rocks!

    You can easily avoid it becoming a single point of failure by using 2 directors with realtime synchronization and failover. Keepalived works well in this regard, giving subsecond failover performance, and even uses VRRP, Cisco's own hot standby protocol.

    As for the level of hardware that you need, a low end or older PC, such as a P3-700 for instance, can easily saturate a 100 mbit connection.

    I used 2 x P4 2.4G systems. So for less than a fraction of the cost of even 1 hardware based boxes, I get hot standby and should be good for way more throughput than I can afford to provide. :)

    The best feature that LVS brings to the table that the hardware based implementations miss out on, is flexibility. This software is being enhanced all the time and nothing is impossible with it. The same cannot be said for the hardware solutions.

    Unfortunately the article does not touch on any of the nice add-ons, like keepalived, ldirectord, etc., that make LVS a manageable solution. I know that they are trying to keep the examples simple, but showing servers being configured using solely ipvsadm is not too realistic for the average person and makes it look undeservedly complicated, which it is not.

    Give LVS a look and see if it might not give you the features you need without paying the big iron prices.

    DC

    1. Re:Lame Article ... Excellent Software by Anonymous Coward · · Score: 0

      Agreed, the article is lame, but LVS is real good.

      I've recently implemented an LVS-DR load balancer and a redundant box with master/backup synchronisation. When load testing was performed the web application servers were maxed out and the LVS box was 98% idle.

      We have the choice of hardware load balancers (Cisco/F5) or LVS on 2 Linux hosts for 1/10th the price. LVS was chosen and has proved to be a most reliable solution for this mission critical environment.

    2. Re:Lame Article ... Excellent Software by Anonymous Coward · · Score: 0

      Agreed. Here's a somewhat similar cheapo two-headed symmetrical LVS we built a few years ago, that we have been very happy with. Nice to be able to take down either one of the two machines, while the other seamlessly picks up its tasks, and then releases them when it comes back online.

  27. Have i missed the point..... by SilentSheep · · Score: 1

    Is it just me or have I missed the point. A virtual OS is something running under something like VMWare??? How is this news???

    --
    .
    1. Re:Have i missed the point..... by Anonymous Coward · · Score: 0

      have i missed the point.

      The name can be a little misleading. What LVS is not:
      A Clustering solution.
      A VM/several systems running on one box hardware virtualization "thing".
      A general purpose router.

      What LVS is:
      A system to provide load balancing and failover for groups of servers that provide tcp/udp based services - http, https, smtp, dns, pop by using a virtual ip address that distributes traffic to members of each group based on different scheduling algos.

      (But not nfs because nfs uses different file handle "ids" for the same file on different servers.) The load balanced servers can even be Windows boxes running something like IIS.

  28. Terrible article by Donny+Smith · · Score: 1

    >a cluster for a virtual server - an environment where one can add and remove machines as needed,

    From the very beginning it is obvious that the submitter has no clue about clusters, virtual servers and high-traffic environments.

    >high-traffic Web site of intensive database application:

    What the fuck is this sentence supposed to mean?

    >'The main advantage of using LVS is that unlike Microsoft network load-balancing clusters, the LVS allows you to add a node running any operating system that supports TCP/IP to the cluster.'"

    Any TCP/IP load balancer allows that.

    I haven't seen a worse article for quite some time now. Even for /., it is terrible.

  29. PC's are great for networking by rcw-home · · Score: 4, Informative
    But there was always a lot of effort involved in getting it to work, and they were always precarious in operation. It was scary to do upgrades. It was scary to have hard drives fail.

    Here's another approach: put Linux on a CompactFlash card instead of a hard drive. Keep the filesystem mounted read-only for normal operation. Test upgrades on a different computer and CF card. Upgrade by swapping out CF cards. If you can build a PC that doesn't need fans, then you've removed all moving parts from the equation. For smaller installations, single-board computers such as the Soekris are very reliable. For larger installations, you can usually find a 1U system with the level of performance you need.

    It was always just so much simpler to get a more expensive Cisco box in the long run due to its design, documentation, and performance.

    It always depends on what you're doing, of course, and also what you're familiar with, but for my routing/firewalling/VPN/load balancing/ etc needs I've simply found Linux to be more flexible.

  30. Re:Dubious benefit? - not by Anonymous Coward · · Score: 0
    I run my "directors" on boxes that were installed via Fedora Core's "minimal install" it only uses the CD #1 then
    yum install ipvsadm
    You can use inexpensive, but not necessarily unreliable boxes. And you can use several warm or active directors.

    The reason this is a perfect solution for even high traffic sites is because the place where you need the horsepower of multiple machines and complex configuration are on the load balanced servers. LVS allows extremely simple set up requirements on the load balancer and the load balanced server (beyond whatever you need to run your site), very reliable, etc.

    These arguments for "hardware" load balancers seem like the same arguments that were used in the past for "hardware" firewalls, proxy servers, web caches, etc.
  31. Free, but not better by Jesus+IS+the+Devil · · Score: 1

    This LVS may be free, but it's nowhere as advanced as current load balancers out there.

    For instance, I know of a few that will have the return traffic sent directly from a "real server" directly to the client, rather than that roundabout trip to the scheduler and back out. This is great for offloading network congestion.

    --

    eTrade SUCKS
    1. Re:Free, but not better by ButcherCH · · Score: 1

      This is also possible with lvs and is called DR http://www.linuxvirtualserver.org/VS-DRouting.html

      --
      Do or do not, there is no try.
  32. OpenSSI by cyrilc · · Score: 1

    OpenSSI seems to be a good solution also


  33. Why open source is better. by Anonymous Coward · · Score: 0

    In the hope that someone doesn't make the mistake we had made, F5 sucks.

    I don't know about the 4.* versions (which were FreeBSD), the new versions (9.*) are built upon RedHat.
    An open source thing is better because of:
    Open bug lists.
    Features that simply do not work (a timeout for a connection can be chosen but it is never applied) won't be there.
    Support Forums where you can get help from real people, not from hot-line minions. (Which are paid to do work they don't like)

    I for myself can say that I would love to throw the thousands of euros hardware load balancing away but we won't because it had cost a lot of money.
    With open source we would more care about the decisions that we need to face in the future instead of the ones that were made in the past.

    1. Re:Why open source is better. by AlphaSys · · Score: 1

      You have to be careful when making assertions like this. My first introduction to the 9.x series left me with the same impression, but I was wrong. What you have to take into account when using devices with this level of sophistication is that problems can arise at many different junctions, and it isn't necessarily f5 Networks' fault that it is difficult for you to find the root cause of a problem in your SSL termination, iRules chaining or whatever other LTM (local traffic manager) function you're using. It's sophisticated stuff. I had a moderate climb ahead of me when we first started using 4.5x, but 9.x was even more so. But it's not f5's fault that they have delivered a very versatile product that does many things which you may have to think about (hard!) to get a firm grasp upon them. There are to be sure some things in their UI that they could clean up in the way of settings that might be superfluous in a certain configuration (I suspect that is the type of thing you're complaining about above), but that is no reason to trash their whole product. In fact, if you point it out, they may well listen, which is all you could hope for out of your beloved OSS router. Show me a single OSS package that even hints at a claim to half the things a BigIP F5 LTM version 9 series does and I'll shut up.

      --
      Can I bum a sig? I left mine at the office.
  34. Did No One Mention....? by Anonymous Coward · · Score: 0

    Yes, there is a system which can add capacity at will, without a reboot or other disruption. Without even uncrating a box, in fact.
    http://www.ibm.com/eserver/zseries/linux