Re: Layer 7 switching.

C. (http://symcbean.blogspot.com/) wrote:
On 3 Sep, 00:46, Johnny Rebel <rebel...@xxxxxxxxxxxx> wrote:
C. (http://symcbean.blogspot.com/) wrote:
On 31 Aug, 00:05, Johnny Rebel <rebel...@xxxxxxxxxxxx> wrote:
Hey,
Just wondering if anyone can recommend any 'production ready' layer 7
switching product on Linux. I am looking at IPVS w/KTCPVs for both
L4/L7 switching, but the L7 stuff does not give me the warm fuzzies.
Just wondering what anyone else is using (other than Apache or squid).
You don't say what kind of traffic you're trying to switch. If it's
HTTP, HTTPS or SMTP then that makes life a lot simpler, but it still
kind of depends what you're trying to achieve. While a Cisco CSS
provides a lot of additional functionality over squid, its stuff I
don't need - so I've used squid where needed, but really I'd prefer to
push the failover out to the browser just using round-robin (there's a
lot of nonsense talked about round-robin DNS - it really is a v. good
way of providing fault-tolerant, volume based balanced connectivity).
Similarly for SMTP - just a backup MX.
Yes - just http/https... it is an enterprise web infrastructure. We
have Cisco's in our current setup, but they are expensive, propriatary
(read: procurement issues) and IMHO, crap. Lots of whiz-bang acronyms,
and flashy glossy.... but we are stuck with them for now. LVS seems to
fit the bill, but the development doesn't quite seem to be behind it in
releases. round-robin DNS is not what I am looking for - we can not
afford any misses which that will give us. We tested that a long while
back, and while it does have some advantages, it isn't what we need.
(enclaved environment all the way).


I've never seen a discarded request in my round-robin testing -
certainly, if a server goes down after the request has been sent from
the client, round-robin is not going to help, but then I've never
heard of a web architecture which can. What did you see that makes you
think different?

Exactly - if a server goes down, round robin falls. I need a 24x7
infrastructure. That level up to the SSL reverse proxies is A-OK. LVS
will do stateful failover(L3)via the heartbeat VLAN - not really
failover - every other node has every other session table. "failover"
is instant since the client is hitting a virtual IP.


Yes - front end is three load-balancers, then two SSL reverse proxies
going to a set of 5 load-balancers. From here, down to multiple
Peoplesoft type applications (web based) on a flat backbone. LVS from
what I have been read does provide stateful failover for L3 switching.

You've probably read more than me - but I'd recommend reading it again
very carefully, particulary how quickly failover can be detected.

Yep - it is instant from what I am reading, testing may prove otherwise
(still waiting for my servers). The layer 7 stuff is where things get a
little trickier.


Making L7 have stateful failover shouldn't be that far a stretch. This
is all above the application layer (not the OSI application layer) so
shoudl be doable. I have heard that Weblogic has this already in their
web servers...


As far as I know this is just session data replication - so the
session is resumable on a different node - but not the request.

You are correct - the session is resumable - so is the request since the
web server doesn't actually do it do the DB - the application (BEA
Tuxedo does that, and does it well) server does that. If an app server
goes down - the request is toast.


I'd be interested to hear about your round-robin testing / any
progress on request resumption.

We are not even considering round robin for this infrastructure since it
doesn't meet our requirements. We will only have one virtual IP to
access just about every web application in the enclaved environment.
Round robin would assume multiple front end servers/IP's. While we will
have a large infrastructure (120k users approx) throughput is not our
largest concern (each node /should/ do about 700mbps balanced)
availability is. Front infrastructure must always be available
including during maintenance on individual nodes, system down etc...

JR.



C.


--

Bill will have to take Linux from my cold, dead flippers.

-Tux.
.

Relevant Pages

  • How to load idl stubs dynamically
    ... I done layer that getting calls from the web layer and send the request ... Via corba, this is my first application dealing corba technology and ... Im using im my case jacorb as client and visibroker orb as server this ...
    (comp.lang.java.corba)
  • Re: Why Ping does not Work
    ... nor can I ping my server here in Richmond from ... I can ping my home computer ... the rest of the internet. ... layer produces complete protection. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Microkernel X11?
    ... I assumed it was a kernel crash, ... And no deal is it a solid X server or some microkernel based. ... it also messes up the console subsystem in a way that switching to ... more religious Linux proponents against Minix. ...
    (comp.os.minix)
  • Re: Scatter-gather list constraints
    ... Alan Stern wrote: ... of 1536 bytes and 2048 bytes respectively, and the DMA requirement is ... Then the request could be broken up into three requests of 1024, 512, ... in the block layer but it's about adding a new concept to the block ...
    (Linux-Kernel)
  • Re: Layer 7 switching.
    ... Just wondering if anyone can recommend any 'production ready' layer 7 ... L4/L7 switching, but the L7 stuff does not give me the warm fuzzies. ... For J2EE you'd need to set up session replication, for PHP, just a ... Bill will have to take Linux from my cold, ...
    (linux.redhat)