Version 6.0 |
||||||||||||||||||||||||||||||||
|
|
The DSR/DR is the preferred Load-Balancing method for larger installations.
When this method is used, each Server is configured to have the VIP (Virtual IP) shared addresses as its local IP addresses.
This allows each Server to receive all packets directed to the VIP addresses, and to send responses directly to the clients
using the VIP as the "source" address.
The servers should not respond to the arp requests for these VIP addresses. Instead the load balancer responds to these requests,
and thus all incoming packets directed to the VIP addresses are delivered to the load balancer, which redirects them to Servers.
When redirecting these incoming packets, the load balancer sends them directly to the Server MAC address, without changing the packet
destination address, that remains the VIP address.
Note: Because MAC addresses are used to redirect incoming packets, the Load Balancer and all balanced Servers (usually - CommuniGate Pro Cluster frontends) must be connected to the same network segment; there should be no router between the Load Balancer and those Servers.
To use the DSR method, create an "alias" for the loopback network interface on each Frontend Server. While the standard address for the loopback interface is 127.0.0.1, create an alias with the VIP address and the 255.255.255.255 network mask:Make sure that the kernel is configured to avoid ARP advertising for this lo interface (so the VIP address is not linked to any Frontend server in arp-tables). Subject to the Linux kernel version, the following commands should be added to the /etc/sysctl.conf file:
If you plan to have many VIPs, or if you plan to use CommuniGate Pro Load Balancing with the Linux built-in ipvs load balancer,
do not create /etc/sysconfig/network-scripts/ifcfg-lo:n files.
Create the /etc/sysconfig/vipaddrs configuration file instead, and put all VIP addresses into it, as addresses, or subnetworks, one address per line.
For example:
Note: line starting with the # symbol are ignored. They can be used as comments.
Note: subnetwork masks must be 24 bits or longer.
Create the following configuration scripts:
Note: when a network "alias" is created, open the General Info page in the CommuniGate Pro WebAdmin Settings realm, and click the Refresh button to let the Server detect the newly added IP address.
The DSR method is transparent for all TCP-based services (including SIP over TCP/TLS), no additional CommuniGate Pro Server configuration is required: when a TCP connection is accepted on a local VIP address, outgoing packets for that connection will always have the same VIP address as the source address.
To use the DSR method for SIP UDP, the CommuniGate Pro frontend Server configuration should be updated:Load Balancers usually send some requests to servers in their "balanced pools". Lack of response tells the Load Balancer to remove the server from the pool, and to distribute incoming requests to remaining servers in that pool.
With SIP Farming switched on, the Load Balancer own requests can be relayed to other servers in the SIP Farm, and responses will come from those servers. This may cause the Load Balancer to decide that the server it has sent the request to is down, and to exclude the server from the pool.A "no-NAT" configuration with "normal" load balancing for POP, IMAP, and "DSR" load balancing for SIP (UDP/TCP), SMTP, HTTP User (8100).
The Load Balancer configuration:Startup configuration: ! server predictor round-robin ! server real fe5 64.173.55.180 port pop3 port pop3 keepalive port imap4 port imap4 keepalive port 5060 port 5060 keepalive port smtp port smtp keepalive port 8100 port 8100 keepalive ! server real fe6 64.173.55.181 port pop3 port pop3 keepalive port imap4 port imap4 keepalive port 5060 port 5060 keepalive port smtp port smtp keepalive port 8100 port 8100 keepalive ! server real fe7 64.173.55.182 port pop3 port pop3 keepalive port imap4 port imap4 keepalive port 5060 port 5060 keepalive port smtp port smtp keepalive port 8100 port 8100 keepalive ! server real fe8 64.173.55.183 port pop3 port pop3 keepalive port imap4 port imap4 keepalive port 5060 port 5060 keepalive port smtp port smtp keepalive port 8100 port 8100 keepalive ! ! server virtual vip1 64.173.55.164 predictor round-robin port pop3 port imap4 port 5060 port 5060 dsr port smtp port smtp dsr port 8100 port 8100 dsr bind pop3 fe5 pop3 fe6 pop3 fe7 pop3 fe8 pop3 bind imap4 fe5 imap4 fe6 imap4 fe7 imap4 fe8 imap4 bind 5060 fe8 5060 fe7 5060 fe6 5060 fe5 5060 bind smtp fe8 smtp fe7 smtp fe6 smtp fe5 smtp bind 8100 fe5 8100 fe6 8100 fe7 8100 fe8 8100 ! ip address 64.173.55.176 255.255.255.224 ip default-gateway 64.173.55.161 ip dns server-address 64.173.55.167 ip mu act endNote: you should NOT use the port 5060 sip-switch, port sip sip-proxy-server, or other "smart" (application-level) Load Balancer features.
script start "Alteon AD3" 4 /**** DO NOT EDIT THIS LINE! /* Configuration dump taken 21:06:57 Mon Apr 9, 2007 /* Version 10.0.33.4, Base MAC address 00:60:cf:41:f5:20 /c/sys tnet ena smtp "mail.communigate.com" mnet 64.173.55.160 mmask 255.255.255.224 /c/sys/user admpw "ffe90d3859680828b6a4e6f39ad8abdace262413d5fe6d181d2d199b1aac22a6" /c/ip/if 1 ena addr 64.173.55.176 mask 255.255.255.224 broad 64.173.55.191 /c/ip/gw 1 ena addr 64.173.55.161 /c/ip/dns prima 64.173.55.167 /c/sys/ntp on dlight ena server 64.173.55.167 /c/slb on /c/slb/real 5 ena rip 64.173.55.180 addport 110 addport 143 addport 5060 addport 25 addport 8100 submac ena /c/slb/real 6 ena rip 64.173.55.181 addport 110 addport 143 addport 5060 addport 25 addport 8100 submac ena /c/slb/real 7 ena rip 64.173.55.182 addport 110 addport 143 addport 5060 addport 25 addport 8100 submac ena /c/slb/real 8 ena rip 64.173.55.183 addport 110 addport 143 addport 5060 addport 25 addport 8100 submac ena /c/slb/group 1 add 5 add 6 add 7 add 8 name "all-services" /c/slb/port 1 client ena /c/slb/port 5 server ena /c/slb/port 6 server ena /c/slb/port 7 server ena /c/slb/port 8 server ena /c/slb/virt 1 ena vip 64.173.55.164 /c/slb/virt 1/service pop3 group 1 /c/slb/virt 1/service imap4 group 1 /c/slb/virt 1/service 5060 group 1 udp enabled udp stateless nonat ena /c/slb/virt 1/service smtp group 1 nonat ena /c/slb/virt 1/service 8100 group 1 nonat ena / script end /**** DO NOT EDIT THIS LINE!
vlan external { tag 4093 interfaces 1.1 1.2 } stp instance 0 { vlans external interfaces 1.1 external path cost 20K internal path cost 20K 1.2 external path cost 20K internal path cost 20K } self allow { default udp snmp proto ospf tcp https udp domain tcp domain tcp ssh } self 64.173.55.176 { netmask 255.255.255.224 vlan external allow all }
partition Common { description "Repository for system objects and shared objects." } route default inet { gateway 64.173.55.161 } monitor MySMTP { defaults from smtp dest *:smtp debug "no" } profile fastL4 CGS_fastL4 { defaults from fastL4 idle timeout 60 tcp handshake timeout 15 tcp close timeout 60 loose initiation disable loose close enable software syncookie disable } pool Frontends { monitor all MySMTP and gateway_icmp members 64.173.55.180:any 64.173.55.181:any 64.173.55.182:any 64.173.55.183:any } node * monitor MySMTP
virtual address 64.173.55.164 { floating disable unit 0 } virtual External { translate address disable pool Frontends destination 64.173.55.164:any profiles CGS_fastL4 }
For each Cluster Member that can initiate TCP connections (usually the frontend servers), select a port range for outgoing connections. These ranges should not intersect. For example, select the port range 33000-33999 for the first Cluster Member, 34000-34999 for the Cluster Member, etc.
Make sure that the server OS is configured so that the selected port range is outside of the OS "ephemeral port" range. For example, the following command can be used to check the Linux OS "ephemeral port" range:For each of these Cluster members, open the Network settings in the WebAdmin Settings realm, and specify the selected TCP port range. Disable the Use for Media Proxy only option to make the CommuniGate Pro Server software use the selected port range for all outgoing TCP connections with a predefined source address.
Configure the Load Balancer: all packets coming to VIP address(es) and to any port in the selected port range should be directed to the corresponding Cluster Member.
Select the cluster members to distribute the incoming traffic to. In a frontend-backend configuration, you would usually use all or some of the frontend servers for that.
Make sure that all selected cluster members have the VIP addresses configured as "loopback aliases" (see above).
Use the WebAdmin Interface to open the Cluster page in the Settings realm and select the Load Balancer group A for all selected servers:As soon as the first Load Balancer helper application starts on some Cluster Member, the Cluster Controller activates that Helper, making it direct all incoming traffic to its Cluster member, and distribute that traffic to all active Cluster members in its Load Balancer Group.
If the Cluster Member running the active Load Balancer fails or it is switched into the "non-ready" state, the Cluster Controller activates some other Load Balancer member in that group (if it can find one).
The CommuniGate Pro Linux package includes the Services/IPVSHelper.sh shell application that can be used to control the IPVS software load balancer.
The application expects that the VIP addresses are stored in the /etc/sysconfig/vipaddrs file, and the local interface (lo) aliases for these addresses have beeen created (see above).
Specify $Services/IPVSHelper.sh parameters as the External Load Balancer "program path", and start it by selecting the Helper checkbox.Note: the Linux kernel 3.5.3-1 or better is recommended. When an earlier version is used, all TCP connections made to the active Load Balancer are dropped, when a different server becomes the active Load Balancer.
Note:If a Cluster member has the External Balancer Helper application switched on, and then it is switched off, some active connections may be broken. If you do not plan to switch the Helper application back on, restart the ipvsadm service or switch it off completely.