LVS-HOWTO Chinese translation project; join group 72050696 if you are interested

火星人 @ 2014-03-04 , reply:0

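Users here are very keen on learning about LVS, so I am planning to set up an LVS HOWTO translation project. The main goal is to translate the LVS HOWTO from austintek into something practical that deepens users' understanding of the LVS project, and to release the translation under the GPL, so that users in China can quickly grasp the essentials of LVS and apply them in practice.
To keep the project running well, collaborators need some understanding of and experience with LVS-based cluster theory and practice, and some experience with open-source collaboration. Ideally a friend with extensive open-source project experience would also join, because open source needs a lot of communication and discussion.
I am not an experienced cluster administrator, so I hope everyone will help out on the cluster implementation side. My initial expectation is that the project will be distributed (the 51 chapters will be assigned to different project members, who need to coordinate with each other). The translated content needs in-depth discussion, explanation grounded in practice, and then further detailed discussion. Let's aim to publish the complete version before the end of the year. I don't know whether anyone is interested. I think we should care not only about taking part but also about the result, and I hope friends who have studied LVS and similar projects will lend a hand. We are not aiming for something big, just something practical.

If you are interested, join group 72050696.
I hope the members of CU's cluster and virtual machine board will take an active part.

The second and third posts contain the table of contents, chapters 1 through 51, of the material to be translated.
Enthusiastic users have already started joining the project:
西安|百湖|3 is translating chapter 3, planned for completion in the fourth week of October;
廣州|小葉|2 is translating chapter 2, planned for completion in the first week of November;
紅豆 is translating section 51;
小學沒畢業|7 is translating chapter 7;

[ Last edited by kns1024wh on 2008-10-14 12:14 ]
《Solution》

Table of contents of the material to be translated, chapters 1 to 30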

Table of Contents
1. LVS: Introduction
1.1. Thanks
1.2. About the HOWTO
1.3. Nomenclature/Abbreviations
1.4. Minimal knowledge required
1.5. Free Technical Help
1.6. After you've Got Technical Help
1.7. Paid technical help
1.8. Mailing list: subscribing, unsubscribing, searching
1.9. Mailing list: posting to
1.10. Bug Fixes
1.11. Other load balancing solutions, GPL, opensource and commercial
1.12. Books on LVS
1.13. LVS in the news
1.14. Software/Information/HOWTOs useful/related to LVS
2. LVS: What is an LVS? Can I use an LVS?
2.1. What is a VIP?
2.2. Where do you use an LVS?
2.3. Client/Server relationship is preserved in an LVS
2.4. LVS director is an L4 switch
2.5. LVS forwards packets to realservers
2.6. LVS runs on Linux and FreeBSD directors
2.7. Code for LVS is different for each kernel series
2.8. kernels from 2.4.x series are SMP for kernel code
2.9. OS for realservers
2.10. LVS works on ethernet
2.11. LVS works on IPv6
2.12. LVS is continually being developed
2.13. LVS is 64 bit
2.14. Other documentation
2.15. LVS is not simple to install, get going or keep running
2.16. LVS Control (Failure, Thundering Herd, Sorry Servers)
2.17. clients on realservers
3. LVS: Install, Configure, Setup
3.1. Installing from Source Code
3.2. Ultra Monkey
3.3. Keepalived
3.4. ipvsman(d)
3.5. Alternate hardware: Soekris (and embedded hardware)
3.6. LVS on a CD: Malcolm Turnbull's ISO files
4. LVS: Ipvsadm and Schedulers
4.1. Using ipvsadm
4.2. Memory Requirements
4.3. sysctl documentation
4.4. Compile a version of ipvsadm that matches your ipvs
4.5. put realservers in /etc/hosts
4.6. RR and LC schedulers
4.7. Netmask for VIP
4.8. LBLC, DH schedulers
4.9. LVS with mark tracking: fwmark patches for multiple firewalls/gateways
4.10. SH scheduler
4.11. What is an ActiveConn/InActConn (Active/Inactive) connnection?
4.12. FAQ: ipvsadm shows entries in InActConn, but none in ActiveConn, connection hangs. What's wrong?
4.13. FAQ: initial connection is delayed, but once connected everything is fine. What's wrong?
4.14. unbalanced realservers: does rr and lc weighting equally distribute the load? - clients reusing ports
4.15. Changing weights with ipvsadm
4.16. Dynamically changing realserver weights
4.17. feedbackd
4.18. lvs-kiss
4.19. connection threshold
4.20. Flushing connection table
4.21. Thundering herd problem, Slow start code for realserver(s) coming on line
4.22. Handling kernel version dependant files e.g. System.map and ipvsadm
4.23. Limiting number of clients connecting to LVS
4.24. Who is connecting to my LVS?
4.25. experimental scheduling code
4.26. Ratz's primer on writing your own scheduler
4.27. changing ip_vs behaviour with sysctl flags in /proc
4.28. Counters in ipvsadm
4.29. Exact Counters
4.30. Scheduling TCP/UDP/SCTP/TCP splicing/
4.31. patch: machine readable error codes from ipvsadm
4.32. patch: stateless ipsvadm - add/edit patch
4.33. patch: fwmark name-number translation table
4.34. ip_vs_conn.pl
4.35. Luca's php monitoring script
4.36. ipvsadm set option
4.37. ipvsadm error messages
4.38. ipvsadm fast update bug with smp
5. LVS: LVS-NAT
5.1. Introduction
5.2. LVS-NAT bugs
5.3. Example 1-NIC, 2 Network LVS-NAT (VIP and RIPs on different network)
5.4. All packets sent from the LVS-NAT realserver to the client must go through the LVS-NAT director
5.5. Run the configure script
5.6. Setting up demasquerading on the director; 2.4.x and 2.2.x
5.7. rewriting, re-mapping, translating ports with LVS-NAT
5.8. masquerade timeouts
5.9. Julian's step-by-step check of a L4 LVS-NAT setup
5.10. How LVS-NAT works
5.11. In LVS-NAT, how do packets get back to the client, or how does the director choose the VIP as the source_address for the outgoing packets?
5.12. One Network LVS-NAT
5.13. re-mapping ports, rewriting is slow for 2.0, 2.2 kernels
5.14. Two instances of demon running on realserver
5.15. Performance of LVS-NAT
5.16. Various debugging techniques for routes
5.17. Connecting directly from the client to a service:port on an LVS-NAT realserver
5.18. A NAT router has no connections
5.19. Thoughts on extending NAT
5.20. Postings from the mailing list
5.21. LVS-NAT source routing patch (Brownfield, Sawari and Black)
5.22. LVS-NAT FTP Recipe
5.23. LVS-NAT vhosts with apache
5.24. LVS-NAT timeout problem
6. LVS: The ARP Problem
6.1. The problem
6.2. Put the VIP on the realservers lo device
6.3. The Cure(s)
6.4. The Cure: 2.0 kernels - nothing needed
6.5. The Cure: 2.2.x kernels - many options
6.6. The Cure: 2.4.x kernels - arp_ignore/arp_announce
6.7. The Cure: 2.6.x kernels - arp_ignore/arp_announce
6.8. arptables
6.9. The arp problem is on the realserver's VIP not the RIP
6.10. Testing an interface for replies to arp requests
6.11. Normal machines, Solaris
6.12. problems with switches
6.13. The ARP problem, the first inklings
6.14. A posting to the mailinglist by Peter Kese explaining the "arp problem"
6.15. arp bouncing
6.16. Lar's Method
6.17. Static Routing to Director
6.18. iproute2 arp on|off flag
6.19. Is the arp behaviour of 2.2.x kernel a bug?
6.20. The device doesn't reply to arp requests, the kernel does.
6.21. Properties of devices for the VIP
6.22. Topologies for LVS-DR and LVS-Tun LVS's
6.23. Why do all devices broadcast the arp replies
6.24. A discussion about the arp problem
6.25. ATM/ethernet and router problems
6.26. Same IP on multiple NICs
7. LVS: LVS-DR
7.1. LVS-DR example
7.2. How LVS-DR works
7.3. Handling the arp problem for LVS-DR
7.4. LVS-DR scales well
7.5. LVS-DR director as default gw for realservers, transparent proxy and Julian's martian and forward_shared patches
7.6. Accepting packets on LVS-DR director by fwmarks
7.7. security concerns: default gw(s) and routing with LVS-DR/LVS-Tun
7.8. routing to realserver from director
7.9. LVS-DR, LVS-Tun need rp_filter=0
7.10. Director as client in LVS-DR
7.11. from the mailing list
7.12. rewriting, re-mapping, translating ports with LVS-DR
8. LVS: LVS-Tun
8.1. LVS-Tun Intro
8.2. LVS-Tun example setup
8.3. You need a tunl0 device
8.4. the ARP problem with LVS-Tun
8.5. Reply packets appear to be spoofed
8.6. How LVS-Tun works
8.7. The RIP (not the tunl device) receives the ipip packet
8.8. Configure LVS-Tun
8.9. set rp_filter correctly
8.10. FreeBSD and Solaris realservers with LVS-Tun
8.11. Windows realservers with LVS-Tun
8.12. Realservers without ipip encapsulation
8.13. LVS-Tun has smaller MTUu: PMTU is disabled - handling fragmentation
8.14. MTU: early signs of problems
8.15. tunl mtu solved: Setting the MTU by MSS with iptables on the realserver
8.16. Setting the MTU by route
8.17. rewriting, re-mapping, translating ports with LVS-Tun
9. LVS: LocalNode
9.1. Two LocalNode Servers
9.2. Two Box LVS
9.3. Testing LocalNode
9.4. Localnode on the backup director
9.5. rewriting, re-mapping, translating ports with Localnode
10. LVS: You can't map (or earewrite) ports with LVS-DR, LVS-Tun or localnode (but you can with iptables)
10.1. You can't rewrite ports with localnode (but you can with iptables)
10.2. rewriting, re-mapping, translating ports with iptables in LVS-DR
10.3. can't port map with LVS
11. LVS: Non-LVS clients on Realservers
11.1. always NAT out clients through VIP
11.2. Masquerading clients on realservers to the outside world (SNAT)
11.3. Masquerading clients on LVS-NAT realservers
11.4. Masquerading clients on LVS-DR realservers
11.5. Masquerading clients on LVS-Tun realservers
11.6. Masquerading clients through the VIP on the director
11.7. 3-Tier LVS
11.8. Routes needed for 3-Tier LVS
11.9. Setting up routes using iptables and iproute2
11.10. from the mailing list
12. LVS: LVS clients on Realservers
12.1. Do you really need LVS clients on the realserver in a 3-Tier setup?
12.2. Realserver as LVS client in LVS-NAT
12.3. Realserver as LVS client in LVS-DR
13. LVS: Non Linux Realservers
13.1. Loopback interface on Windows/Microsoft/NT/W2K
13.2. Mac OS X (and Solaris)
14. LVS: identd/authd
14.1. What is authd/identd?
14.2. authd/identd and other 3-Tier clients
14.3. symptoms of the identd problem
14.4. comp.os.linux.security FAQ on identd
14.5. Russ Nelson on identd
14.6. Why identd is a problem for LVS
14.7. tcpdumps of connections delayed by identd
14.8. There are solutions to identd problem in some cases
14.9. Turn off tcpwrappers
14.10. Identd and smtp/pop/qmail
15. LVS: Variants on LVS: Local Nodes (One Box LVS)
16. LVS: Variants on LVS: Peter Warasin's ip_vs() in PREROUTING
17. LVS-J: Ludo's reinJect Forwarder: using the director as a gateway to load balance connections to the internet
17.1. Introduction
17.2. reinJect setup with ipvsadm
17.3. The target LVS: sending packets with dst_addr=0/0 to ip_vs
17.4. setting up LVS-J forwarding
17.5. SNAT'ing the output
17.6. LVS-J discussion by Ludo
18. LVS: Services: general, setup, debugging new services
18.1. Single port services are simple
18.2. setting up a (new) service
18.3. services must be setup for forwarding type
18.4. Realservers present the same content: Synchronising (filesharing) content and config files, backing up realservers
18.5. cfengine for synchronising files
18.6. File Systems for (really big) Clusters: Lustre, Panasas
18.7. File Systems for Clusters: Samba waits for a commit and is slow, NFS fills buffers and is fast
18.8. Discussion on distributed filesystems
18.9. load balancing and scheduling based on the content of the packet: Cookies, URL, file requested, session headers
18.10. timeouts for TCP/UDP connections to services
18.11. name resolution on realservers: running name resolution friendly demons on realservers
18.12. Debugging new services
18.13. "broken" services:servlets and j2ee
18.14. http logs, error logs
19. LVS: Services: single-port
19.1. ftp, tcp 21
19.2. ssh, sftp, scp, tcp 22
19.3. telnet, tcp 23
19.4. smtp, tcp 25; pop3, tcp 110; imap tcp/udp 143 (imap2), 220(imap3). Also sendmail, qmail, postfix, and mailfarms.
19.5. Mail Farms
19.6. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 68)
19.7. http name and IP-based (with LVS-DR or LVS-Tun), tcp 80
19.8. http with LVS-NAT
19.9. httpd is stateless and normally closes connections
19.10. netscape/database/tcpip persistence (keepalives)
19.11. dynamically generated images on web pages
19.12. http: sanity checks, shutting down, indexing programs, htpasswd, apache proxy and reverse proxy to look at URL, mod_backhand, logging
19.13. HTTP 1.0 and 1.1 requests
19.14. Large HTTP /POST with LVS-Tun
19.15. Microsoft http clients and servers violate the RFC for TCP/IP
19.16. http keepalive - effect on InActConn
19.17. Fallback/Sorry pages with Apache
19.18. Testing http with apachebench (ab)
19.19. Apache setup for DoS
19.20. squids, tcp 80, 3128
19.21. authd/identd, tcp 113 and tcpwrappers (tcpd)
19.22. ntp, udp 123
19.23. https, tcp 443
19.24. name based virtual hosts for https
19.25. Obtaining certificates for https
19.26. Self made certificates
19.27. SSL Accelerators and Load Balancers
19.28. r commands; rsh, rcpi (and their ssh replacements), tcp 514
19.29. lpd, tcp 515
19.30. Databases
19.31. Databases: mysql
19.32. Using Zope with databases
19.33. Databases: Microsoft SQL server, tcp 1433
19.34. Databases: Oracle
19.35. Databases: ldap, tcp/udp 389, tcp/udp 636
19.36. nfs, udp 2049
20. LVS: Services: multi-port
20.1. Introduction
20.2. ftp general, active tcp 20,21; passive 21,high_port
20.3. ftp helper modules: ip_vs_ftp/ip_masq_ftp
20.4. ftp (active) - the classic command line ftp
20.5. ftp (passive)
20.6. ftp helper bug(s)
20.7. ftp is difficult to secure
20.8. ftps (ssl based ftp), tcp 21, 22?
20.9. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 68)
20.10. samba, udp 137, udp 138, tcp 139, tcp 445
20.11. xdmcp, X-window, udp 177 (xdmcp), tcp 6000 (and ssh X-forwarding)
20.12. r commands; rsh, rcp, and their ssh replacements, tcp 513 (,514) and another connection
20.13. Streaming Media: RealNetworks, Quicktime, Windows Media Server, tcp/udp 554 (and other ports)
20.14. Radius, udp 1645,1646
21. LVS: Services that we haven't got to work with LVS yet
21.1. Kerberos
21.2. RMI
22. LVS: UDP Services - unique problems
22.1. SIP (Session Initiation Protocol)
22.2. UDP timeouts (SIP)
22.3. UDP timeouts (DNS)
22.4. Julian's One Packet Scheduler (OPS) for UDP, timeouts for DNS
22.5. icmp responses aren't generated by UDP timeouts on VIP-less directors
23. LVS: Routing and packet delivery to a director without a VIP (for fwmark and transparent proxy)
23.1. Introduction
23.2. Routing to and accepting packets by a VIP-less director
23.3. Routing to the MAC address of the director
23.4. Julian's iproute2 solutions
23.5. Ludos LVS target in iptables
23.6. Transparent proxy Q and A
23.7. Other tricks
24. LVS: Fwmarks (firewall marks)
24.1. Introduction
24.2. ipvsadm syntax for fwmark
24.3. setting up routing and packet delivery to the director
24.4. single-port service: telnet with fwmarks
24.5. Grouping services: single group, active ftp(20,21)
24.6. Grouping services: two groups, active ftp(20,21) and e-commerce(80,443)
24.7. passive ftp
24.8. fwmark with LVS-NAT
24.9. collisions between fwmark and VIP rules
24.10. persistence granularity with fwmark
24.11. fwmark allows LVS-DR director to be default gw for realservers
24.12. fwmark simplifies configuration for large numbers of addresses
24.13. Example: firewall farm
24.14. Example: LVS'ing a CIDR block
24.15. Example: forwarding based on client source IP
24.16. Example: load balancing multiple class C networks
24.17. Example: proxy server
24.18. Example: transparent web cache
24.19. Example: Multiply-connected router
24.20. httpd clients (browsers)
24.21. Example: dynamically generated images in webpages
24.22. Example: Balancing many IPs/services as one block
24.23. Example: Source controlled LVS - services and realserver customised by Client IP
24.24. Appendix 1: Specificiations for grouping of services with fwmarks
24.25. Appendix 2: Demonstration of grouping services with fwmarks
24.26. Appendix 3: Announcement of grouping services with fwmarks
24.27. fwmark examples from the mailing list
25. LVS: Transparent proxy (TP or Horms' method)
25.1. setting up routing and packet delivery to the director
25.2. General
25.3. How you use TP
25.4. The original 2.2 TP setup method
25.5. Transparent proxy for 2.4.x (and presumably 2.6.x)
25.6. Experiments showing that 2.4TP is different to 2.2TP
25.7. What IP TP packets arriving on?
25.8. Take home lesson for setting up TP on realservers
25.9. Handling identd requests from 2.4.x LVS-DR realservers using TP
25.10. Performance of Transparent Proxy
25.11. The difference between REDIRECT and TPROXY
26. LVS: Transparent Bridging
27. LVS: Persistent Connection (Persistence, Affinity in cisco-speak)
27.1. LVS persistence
27.2. Scheduling looks different under persistence
27.3. Persistent and regular (non-persistent) services together on the same realserver.
27.4. Tracing connections: where will the client connect next?
27.5. Bringing down persistent services.
27.6. Forcing a break in a persistent connection: expire_quiescent_template - Horms sysctl for quiescing persistent connections
27.7. what if a realserver holding a persistent (sticky) connection crashes
27.8. Load Balancing time constant is longer with persistence
27.9. The tcp NONE flag
27.10. Resetting the persistence timeout counter (persistence behaviour for short timeout values)
27.11. Why you don't want persistence for your e-commerce site: why you should rewrite your application
27.12. more about e-commerce sites: we used to think memory was the problem - it isn't
27.13. persistence with windows realservers
27.14. messing with the ipvsadm table while your LVS is running
27.15. Persistence for multiport services
27.16. Proxy services, e.g. AOL
27.17. key exchanges (SSL)
27.18. About longer timeouts
27.19. passive ftp and persistence
27.20. The Persistence Template (about port 0)
27.21. persistent clients behind a proxy or nat box
27.22. Rogue clients hidden by persistence
27.23. Long (1 day) persistence to windows terminal servers
28. LVS: Running a firewall on the director: Interaction between LVS and netfilter (iptables).
28.1. Start with no filter rules
28.2. Introduction
28.3. Path of an ip_vs controlled packet
28.4. how to filter with netfilter
28.5. ipvs_nfct, netfilter connection tracking for ipvs
28.6. LVS-NAT netfilter conntrack example with ftp
28.7. tcpdump is LVS compatible
28.8. Writing Filter Rules
28.9. The Antefacto Netfilter Connection Tracking patches
28.10. The design of LVS as a netfilter module, pt1
28.11. The design of LVS for Netfilter and Linux 2.4, pt2
28.12. Example ip_tables filter scripts
28.13. performance hit on director with iptables/netfilter
28.14. Long sessions through LVS DR director terminated by icmp-host-prohibited (ICMP type 3 code 10)
29. LVS: Cluster friendly versions of applications that need to maintain state
29.1. rewriting your application/service
29.2. Session Data, maintaining state in a cluster, from Andreas Koening
29.3. Single Session
29.4. IIS session management: how it works
29.5. Maintaining state with persistence
29.6. How others maintain state
30. LVS: Squid Realservers (poor man's L7 switch)
30.1. Terminology
30.2. Preview
30.3. Let's start assembling
30.4. One squid
30.5. Another squid
30.6. Combining pieces with LVS
30.7. Problems
《Solution》

Table of contents of the translation project, chapters 31 to 51

31. LVS: Performance and Kernel Tuning
31.1. Performance Articles
31.2. Estimating throughput: Rule of Thumb
31.3. Estimating throughput: 100Mbps FE is really 8000packets/sec ethernet
31.4. Jumbo frames
31.5. Network Latency
31.6. Mixture of 100Mbps and GigE ethernet
31.7. NICs and Switches, 100Mbps (FE) and 1Gbps (GigE)
31.8. NIC bonding
31.9. NIC problems - eepro100
31.10. NIC problems - tulip
31.11. dual/quad ethernet cards, IRQ sharing problems
31.12. Flakey Switch
31.13. performance testing tools
31.14. Max number of realservers
31.15. FAQ: What is the minimum hardware requirements for a director
31.16. FAQ: How fast/big should my director be?
31.17. SMP doesn't help
31.18. Performance Hints from the Squid people
31.19. realservers filling conntrack tables (LVS-DR)
31.20. Conntrack, effect on throughput
31.21. Don't use the preemptible/preemptable/preemptive kernels
31.22. 9.6Gbps served using LVS-DR with gridftp
32. LVS: Monitoring
32.1. CPU usage/load level on the director?
32.2. LVS throughput at the director with ipvsadm
32.3. Monitoring: LVS director throughput statistics from the /proc system (originally /proc/net/ip_vs_stats)
32.4. MRTG family: Intro
32.5. MRTG family: LVSGSP
32.6. MRTG
32.7. MRTG family: RRDtool
32.8. MRTG family: cacti
32.9. MRTG family: Ganglia (incl. INSTALL)
32.10. MRTG family: rrd images
32.11. Nagios
32.12. MIB/SNMP
32.13. home brew MIB/SNMP
32.14. Disks
32.15. Other output GUIs
33. LVS: Details of LVS operation, Security, DoS
33.1. Top 20 security vunerabilities
33.2. Top 75 security tools from the people at nmap
33.3. Network Testing with Abberant Packets
33.4. Do I need security, really?
33.5. What to do after a break-in, prevention strategies
33.6. More about syncookies
33.7. Can filter rules stop the intruder hopping to other machines?
33.8. Where filter rules act
33.9. /proc filesystem flags for ipv4, e.g.rp_filter
33.10. tcp timeout values, don't change them (at least yet)
33.11. /proc file system settings for LVS: security and private copies of tcp timeouts for LVS connections (you can change these)
33.12. timeouts the same for all services
33.13. Director Connection Hash Table
33.14. Hash table connection timeouts
33.15. Hash Table DoS
33.16. Hash table size, director will crash when it runs out of memory.
33.17. The LVS code does not swap
33.18. Other factors determining the number of connections
33.19. Port range: limitations, expanding port range on directors
33.20. Director does not have any ports (connections) open for an LVS connection
33.21. apps starved for ports
33.22. realserver running out of ports
33.23. Maximum number of NICs
33.24. DoS
33.25. DoS, from the mailing list
33.26. Testing DoS Strategies with testlvs: Creating large numbers of InActConn
33.27. Debugging LVS
33.28. realserver content: filesystem or database? (the many reader, single writer problem)
33.29. Developement: Supporting IPSec on LVS
34. LVS: ICMP
34.1. MTU discovery and ICMP handling
34.2. LVS code only needs to handle icmp redirects for LVS-NAT and not for LVS-DR and LVS-Tun
34.3. ICMP checksum errors
34.4. ICMP Timeouts
34.5. PMTUD (path MTU discovery)
34.6. Long sessions through LVS DR director terminated by icmp-host-prohibited (ICMP type 3 code 10)
35. LVS: High Availability, Failover protection
35.1. Introduction
35.2. Single Point of Failure (SPOF) - you can't protect against everything
35.3. Stateful Failover
35.4. Director failure
35.5. UltraMonkey and Linux-HA
35.6. Keepalived and Vrrpd
35.7. Using keepalived to failover routers
35.8. monitoring/failover messages should stay internal to LVS
35.9. Parsing problems with vrrpd config file
35.10. Two instances of vrrpd
35.11. HA MySQL
35.12. Failover of large numbers (say 1024) of VIPs
35.13. Some vrrpd setup instructions
35.14. Filter rules for vrrpd broadcasts
35.15. Vinnie's comparison between ldirectord/heartbeat and keepalived/vrrpd
35.16. Saru: All directors active at the same time
35.17. Server Load Balancing Registration Protocol
35.18. using iproute2 to keep demons running during failover, while link is down
36. LVS: Dynamic Routing, multiple gateways, realservers in multiple LVSs, dead gateway detection
36.1. Setting up multiple gateways: Realservers shared between two LVSs: ip route append
36.2. Connecting from clients through multiple parallel links: the dead gateway problem
36.3. Dynamic Routing to handle loss of routing in directors
36.4. Dynamic routing with gated: An LVS that connects to the outside world through two networks
36.5. flapping stemming from convergence time for spanning tree
37. LVS: Server State Sync Demon, syncd (saving the director's connection state on failover)
37.1. Intro
37.2. Release Notice
37.3. Expiration of Connection in Backup Director
37.4. LVS and syncd do not use conntrack
37.5. Connection Synchronisation (TCP Fail-Over)
37.6. The synchd produces broadcast traffic
37.7. from the mailing list
37.8. Bug (fixed) in syncd: mixed endianness on directors
38. LVS: Realserver failure handled by Mon
38.1. Introduction
38.2. ethernet NIC failure, and channel bonding
38.3. Service/realserver failout: mon, ldirectord
38.4. Mon for server/service failout
38.5. Monitoring the service running on the VIP on the realserver from the director
38.6. About Mon
38.7. Mon Install
38.8. Mon Configure
38.9. Testing mon without LVS
38.10. Can virtualserver.alert send commands to LVS?
38.11. Running mon with LVS
38.12. Why is the LVS monitored for failures/load by an external agent rather than by the kernel?
38.13. Running multiple directors (each with their own IP)
38.14. Mon scripts from Christopher DeMarco
39. LVS: Setting up Linux-HA for directors (mostly by using rpms)
39.1. linux-ha howto
39.2. Fix the (possible) ethernet alias issue.
39.3. Configure /etc/ha.d/. files.
39.4. Stop ldirectord from starting, ensure heartbeat starts on reboot
39.5. starting heartbeat and verifying functionality
39.6. Test your fail-over features, understand HA.
39.7. Configuration of mon - recommended
40. LVS: Director failover using heartbeat
40.1. Introduction
40.2. On using serial and ethernet connections for heartbeat
40.3. Ard van Breeman's replacement for IPaddr using ip and arping
41. LVS: Running LVS under UML (User Mode Linux), by Brett Elliot
41.1. Introduction
41.2. Ethernet bridging
41.3. Putting it all together: UML + LVS examples (not finished)
42. LVS: Newer networking tools: Policy Routing
42.1. Introduction
42.2. Policy Routing and ifconfig
42.3. Various debugging techniques for routes
42.4. checking source routed packets
42.5. handling arp problem with iproute2
42.6. ip commands you mightn't know about
42.7. Ratz's corrections on common iproute2/aliases misconceptions
42.8. Ratz's wrappers (for iproute2)
43. LVS: Weird hardware (and software)
43.1. Arp caching defeats Heartbeat switchover
43.2. Weird Hardware I: cisco catalyst routers gratuitously cache arp data (failover is slow)
43.3. Weird Hardware II: autonegotiation failure on cisco CSS 11050
43.4. Weird Hardware III: Watchguard firewall at client site
43.5. Weird Hardware IV: wrong device gets MAC address
43.6. Weird Hardware V: SonicWAll firewall rewriting sequence numbers
43.7. Weird Hardware VI: cisco 2924XL switch
43.8. Weird Hardware VII: unknown switches don't defragment
43.9. Weird Hardware VIII: bad routers/routing tables at ISP
43.10. Possible Wierd Hardware (or driver) IX: Broadcom GigE card
44. LVS: Misc/FAQ/Wisdom from the mailing list
44.1. Having one director handling multiple LVS sites, Multiple VIPs
44.2. Setting up a fake service on the realserver with inetd
44.3. How to bring down a realserver for maintenance (eg swap disks)
44.4. temporarily removing a realserver from view of keepalived
44.5. Howto turn your single node ftp/http server into an LVS without taking it off-line
44.6. shutdown of LVS
44.7. Other projects like LVS - Beowulf
44.8. Projects like LVS - Eddie
44.9. Recommendations for a redundant file system, RAID
44.10. on the need for extended testing
44.11. Bringing down aliased devices
44.12. Multiple IPs on the Director
44.13. Testimonials
44.14. Transport Layer Security(TLS)
44.15. Setting up a hot spare server
44.16. An LVS of LVSs
44.17. LVS on a Linux/IBM mainframe
44.18. mqseries
44.19. LVS log files
44.20. LVS and linux vlan
44.21. multi-home, multi-router LVS
44.22. Horror story, mostly from slow file system with disk intensive application
44.23. RTNETLINK answers:
44.24. LVS chokes on 600+ connections
45. LVS: L7 Switching
45.1. Introduction
45.2. KTCPVS
45.3. DRWS
45.4. Alexandre's (unamed) L7 code
45.5. UltraMonkey-L7
45.6. from the mailing list about L7 switching
45.7. What is TCPSP?
46. LVS: Geographically distributed load balancing
46.1. Determining Location from the IP
46.2. Supersparrow
46.3. sharing/separate routers
46.4. Other uses of BGP4 with LVS
46.5. Geographically remote nodes connected by Bridging
46.6. Load Balancing by DNS (round robin DNS)
46.7. BIND, BGP with load balancing (more ideas from Horms)
46.8. Commercial Geographically Distributed Servers
46.9. from the mailing list
47. LVS: Loadbalancing with unmodified realservers
47.1. F5 style SNAT
47.2. NetScaler
47.3. Using MASQ with REDIRECT to accept packet on realserver to replace a NetScaler
47.4. Using HAProxy with LVS to substitute for the remote server failover of a NetScaler
48. LVS: Virtualised Hosts in a Linux Virtual Server
48.1. Introduction
48.2. Virtualised Realsevers: VMWare/Xen
48.3. Running a test LVS (director, backup director and realservers) on one box (UML, VMWare)
48.4. VMWare problems with ntp
48.5. Xen tcpip checksum bug
49. LVS: Linux Distributions prepatched with LVS, Unsupported LVS addons
49.1. Distributions prepatched with LVS
49.2. PB's Nutshell HOWTO for Piranha/LVS-NAT
49.3. Horms advice for installing on RedHat systems
49.4. Recipe and LVS binaries for RedHat from Alex Kramarov
49.5. recipes for installing with RedHat from the mailing list
49.6. Hidden RPMs
50. LVS: Useful things that have no other place
50.1. Ramdisk
50.2. cscope
50.3. Neutral currents in multiphase power lines with non-linear loads (like computers with switching power supplies)
50.4. netcat/phatcat
51. LVS: FAQ
51.1. When will LVS be ported to Solaris, xxxBSD...?
51.2. Is there a HOWTO in Japanese, French, Italian, Mandarin...?
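《Solution》

:mrgreen: :mrgreen:
Showing my support!
The CU community should run more activities like this and set an example for the whole community in China!
《Solution》

Shocking. By the time you have learned all of it, your hair will have turned white.
《Solution》

Supporting the original poster! I use LVS.
《Solution》

Reply to post #1 by kns1024wh

Support! I am also following this project closely, but my English is too poor.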
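《Solution》

Partial translation of chapter 3: 3. LVS: Install, Configure, Setup

3. LVS: Install, Configure, Setup
3.1. Installing LVS from source code
The LVS-mini-HOWTO describes how to install from source code. It gives two sets of installation instructions:
Installing from the command line. This is a good way to understand what is happening, if you only want a single type of setup. For defining configurations for LVSs, it will be tedious and error-prone. If it doesn't work, you will spend some time finding out why.
Building an LVS with a single director through the configure script. The script sets up the basic initial configuration; it is error-proofed (on failure it gives you enough information to work out what might be wrong), and I use it for all my test LVSs. Because it is not easy to extend to handle director failure, and other configuration tools now solve this problem, the configure script is no longer being developed. For production systems, where you need failover for the director, you should use other installation tools or save your setup as a script (e.g. ipvsadm-sav).
3.2. Ultra Monkey
Ultra Monkey is a binary LVS installation package that includes Linux-HA for director failover and ldirectord for realserver failure detection. Ultra Monkey was written by Horms, an LVS developer. Ultra Monkey was sold preinstalled on servers by VA Linux, which earned the company a lot of profit. Ultra Monkey has been released since 2000 and is mature and stable. Questions about Ultra Monkey are answered on the LVS mailing list. Ultra Monkey is mentioned many times in the LVS-HOWTO.

Here are installation instructions for setting up a two-node Ultra Monkey LVS for HA/LB on CentOS/RHEL4 (http://www.jedi.com/obiwan/technology/ultramonkey-rhel4.html).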

I recently installed LVS using the Ultramonkey RPM packages. The following is (as I understand it) how to set up LVS on CentOS 5: a standard install of 64-bit CentOS 5 on two PCs, using Ultramonkey with the Streamlined/HA topology to serve Apache, with the following assumptions:
Real Server names are ws01.testlab.local and ws02.testlab.local (replace these with the result from uname -n from each RS)
Real Server IPs are 10.0.0.10/24 and 10.0.0.20/24
Gateway: 10.0.0.1
Virtual IP: 10.0.0.100
Username: tester
Note: steps 1-44 describe the installation and configuration of Ultramonkey on CentOS.
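1. Power on and insert the CentOS 5 installation CD during the BIOS self-test;
2. Choose to boot the computer from the CD;
3. Press Enter to start the graphical installation;
4. You will be prompted to test the installation media. You can test the media or skip the test (you can usually skip this step);
5. Click 'Next' to begin the installation;
6. Select 'English' as the installation language and click 'Next';
7. Select 'U.S. English' as the keyboard layout and click 'Next';
8. Select 'Remove all partitions on selected drives and create default layout' and click 'Next';
9. Configure the network settings for each adapter;
  a. Click 'Edit';
    i. Uncheck the 'DHCP' option;
    ii. Enter the IP address and netmask;
    iii. Click 'OK';
  b. Enter the gateway and DNS addresses and click 'Next';
10. Select 'Asia/Shanghai' and click 'Next';
11. Enter the root password twice and click 'Next';
12. Select the system software packages to install
  a. Select 'Desktop-Gnome', 'Server', 'Server-GUI', 'Clustering', 'Storage Clustering';
  b. Select 'Customize Now';
  c. Click 'Next';
13. Fine-tune the package selection
  a. Expand Desktop Environments->GNOME Desktop Environment and click 'Details';
    i. Deselect the 'desktop-printing', 'dvd+rw tools', 'esc', 'gimp-print-utils', 'gnome-audio', 'gnome-backgrounds', 'gnome-mag', 'gnome-pilot', 'gnome-themes', 'gok', and 'nautilus-cd' packages;
  b. Expand the Servers menu;
    i. Deselect the 'DNS', 'Legacy Network Server', 'Mail Server', 'Network Servers', 'News', and 'Printing Support' packages;
  c. Expand the Base System menu;
    i. Deselect the 'Dialup Networking Support' package;
  d. Expand Base System->Base and click the 'Details' button;
    i. Deselect the 'bluez-utils' and 'ccid' packages;
  e. Click 'Next';
14. Click 'Next' to start copying files;
15. Remove the DVD installation media and click 'Reboot' to restart the machine after installation;
16. Set the firewall to 'Disabled' and click 'Forward';
  Click 'Yes' in the dialog that pops up;
17. Set SELinux to 'Disabled' and click 'Forward';
18. Select the 'Network Time Protocol' tab, check 'Enable Network Time Protocol', and click 'Forward';
19. Enter tester in the username field, 'Test User' in the Full name field, and the password twice in the password fields, then click 'Forward';
20. Click 'Forward' to skip the sound card test;
21. Click 'Finish' to complete the CentOS 5 installation;
22. Log in to the local system as root with the password you set;
23. Edit the /etc/group file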
vi /etc/group
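  a. Find the 'tester' user and append the 'wheel' user after it (press i to enter insert mode, press the key to leave editing mode);
  b. Type ':wq' to save the file and quit;
24. Log out of the server, then log in to it from a PC with an SSH client (such as PuTTY);
25. Log in to the server as the tester user;
26. Switch to the root account with su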
su -
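27. The software installed later with yum uses the dries repository. Create the dries.repo configuration file in the /etc/yum.repos.d/ directory with the following contents
# The section header is missing from the post; the repo id is assumed from the file name.
[dries]
name=Extra Fedora rpms dries - $releasever - $basearch
baseurl=http://ftp.belnet.be/packages/dries.ulyssis.org/redhat/el5/en/x86_64/dries/RPMS
28. Install the dries GPG key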
rpm --import http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt
29. Update your local packages and install some additional packages
yum update -y && yum -y install lynx libawt xorg-x11-deprecated-libs nx freenx arptables_jf httpd-devel
30. Fix up the release information
mv /etc/redhat-release /etc/redhat-release.orig && \
echo "Red Hat Enterprise Linux Server release 5 (Tikanga)" > /etc/redhat-release
31. Download the Ultramonkey RPM packages from http://www.ultramonkey.org (also grab perl-MAIL-POP3Client, available from http://rpm.pbone.net/index.php3/stat/4/idpl/4508518/com/perl-Mail-POP3Client-2.17-1.el5.centos.noarch.rpm.html as of the time of this writing)
32. Install the arptables-noarp-addr and perl-Mail-POP3Client packages (change to the Ultramonkey download directory)
cd /usr/local/src/Ultramonkey && rpm -Uvh arptables-noarp-addr-0.99.2-1.rh.el.um.1.noarch.rpm && \
rpm -Uvh perl-Mail-POP3Client-2.17-1.el5.centos.noarch.rpm
33. Install Ultramonkey
yum install -y heartbeat*
34. Download the Ultramonkey configuration files from http://www.ultramonkey.org and edit them in the /etc/ha.d/ directory so that they match the topology you want. For example:

auth 2
2 sha1 Ultramonkey!

logfacility     local0
mcast eth0 225.0.0.1 694 1 0
auto_failback off
node    ws01.testlab.local
node    ws02.testlab.local
ping 10.0.0.1
respawn hacluster /usr/lib64/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster

ws01.testlab.local      \
        ldirectord::ldirectord.cf \
        LVSSyncDaemonSwap::master \
        IPaddr2::10.0.0.100/24/eth0/10.0.0.255

checktimeout=10
checkinterval=2
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=no
# Virtual Service for HTTP
virtual=10.0.0.100:80
        fallback=127.0.0.1:80
        real=10.0.0.10:80 gate
        real=10.0.0.20:80 gate
        service=http
        request="alive.html"
        receive="I'm alive!"
        scheduler=wrr
        persistent=1800
        protocol=tcp
          checktype=negotiate
# Virtual Service for HTTPS
virtual=10.0.0.100:443
        fallback=127.0.0.1:443
        real=10.0.0.10:443 gate
        real=10.0.0.20:443 gate
        service=https
        request="alive.html"
        receive="I'm alive!"
        scheduler=wrr
        persistent=1800
        protocol=tcp
          checktype=negotiate
35. Set the permissions on the authkeys file
chmod 600 /etc/ha.d/authkeys
36. Start the httpd service
httpd -k start
37. In the /var/www/html directory, create an alive.html file with the following content (this is the step that sets up the monitoring script)
I'm alive!
In the /etc/hosts file, add the FQDN of every LVS machine (this step is not required, but it helps when troubleshooting)
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
10.0.0.10               ws01.testlab.local      ws01
10.0.0.20               ws02.testlab.local      ws02
::1             localhost6.localdomain6 localhost6
38. Set the virtual IP (Virtual IP) in the /etc/sysconfig/network-scripts/ifcfg-lo file
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
DEVICE=lo:0
IPADDR=10.0.0.100
NETMASK=255.255.255.255
NETWORK=10.0.0.0
BROADCAST=10.0.0.255
ONBOOT=yes
NAME=loopback
39. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file (the IP address of each director/realserver; set the specific eth0 interface details)

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.252.0
GATEWAY=10.0.0.1

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.0.0.20
NETMASK=255.255.252.0
GATEWAY=10.0.0.1
40. On the realservers, restart the network service so that the network settings take effect
service network restart
41. In the /etc/sysctl.conf file, set ARP packet ignoring and packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
42. Apply the sysctl.conf configuration
/sbin/sysctl -p
43. Make sure all the services are loaded at system startup
chkconfig httpd on && chkconfig --level 2345 heartbeat on && chkconfig --del ldirectord
44. Start the heartbeat service
/etc/init.d/ldirectord stop && /etc/init.d/heartbeat start
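
Steps 34 and 35 above put a shared secret in /etc/ha.d/authkeys and restrict the file to mode 600. The Python audit below is an added example, not part of the original post and not Heartbeat or Ultramonkey code; it checks the file mode, the "auth N" selection, the method, and whether the secret is still the one printed in the example. It assumes the first sample block in step 34 is the authkeys file; the function names and finding codes are hypothetical.

```python
import os
import stat

KNOWN_METHODS = {"crc", "md5", "sha1"}   # methods named in Heartbeat's authkeys format
SAMPLE_SECRETS = {"Ultramonkey!"}        # the secret printed in step 34's example

def parse_authkeys(text):
    """Return (active_index, {index: (method, secret)}) for authkeys text."""
    active, keys = None, {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 2)
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "auth":
            active = fields[1] if len(fields) > 1 else None
        elif len(fields) >= 2:
            keys[fields[0]] = (fields[1].lower(), fields[2] if len(fields) > 2 else "")
    return active, keys

def audit_authkeys(text, mode):
    """Return (code, message) findings; an empty list means nothing was flagged."""
    findings = []
    if mode & 0o077:  # any group or other permission bit is set
        findings.append(("MODE", "mode %03o, step 35 sets 600" % mode))
    active, keys = parse_authkeys(text)
    if active is None:
        findings.append(("NO_AUTH", "no 'auth N' line selects a key"))
    elif active not in keys:
        findings.append(("UNDEFINED_KEY", "auth %s has no matching key line" % active))
    else:
        method, secret = keys[active]
        if method not in KNOWN_METHODS:
            findings.append(("UNKNOWN_METHOD", "unrecognised method %r" % method))
        elif method == "crc":
            findings.append(("CRC", "crc is a checksum and authenticates nothing"))
        elif secret in SAMPLE_SECRETS:
            findings.append(("SAMPLE_SECRET", "secret is the published example value"))
    return findings

def audit_file(path):
    """Audit an authkeys file on disk, for example /etc/ha.d/authkeys."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return audit_authkeys(fh.read(), mode)

if __name__ == "__main__":
    sample = "auth 2\n2 sha1 Ultramonkey!\n"  # constructed: step 34's block as text
    for code, message in audit_authkeys(sample, 0o644):
        print(code, message)
```

Run on each director with `audit_file("/etc/ha.d/authkeys")`; both nodes must carry the same key, so a finding on one applies to the pair.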
《Solution》

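Translation placeholder :) This is my first translation; please point out anything that falls short.

2. LVS: What is an LVS? Can I use an LVS?

Linux Virtual Server (LVS) is a technique that makes a cluster of servers appear as a single server when serving the outside world. This apparent "single server" is what we call the "virtual server". The individual servers that make up the cluster (that is, the servers that actually provide the service, which we call realservers) are controlled by a Linux director (or load balancer) whose kernel has been patched with ipvs. A director running the ipvs patch has the basic LVS features. Other application-layer programs are used to manage the LVS (for example, setting the rules for service handling and failure handling). The director is a layer-4 router with modifiable rules (in other words, connections neither originate from nor terminate on the director, and the director does not send messages; it is only a router).

How does a new connection requested by a client reach a server in an LVS (taking httpd as an example)? The director chooses a realserver for the client. The client and the realserver then communicate over tcp (or udp). When the next tcp request arrives, the director chooses a new realserver for it (which may or may not be the same realserver as before). So when a browser requests a complex page served by the LVS (containing many images and documents), each connection may be directed to a different realserver.

Because the director sends a client request to some realserver at random, and the request may be a read-only operation (e.g. a web service) or a read-write operation (e.g. the shopping cart of an online shop), some external mechanism must be provided to the LVS to pass such requests on to the other realservers at the appropriate time (on the realservers of every node, the quantity of the item just purchased should be reduced by one before the next purchase of that item). It is best for an LVS to provide only read-only services.

Suppose you want one service node that can be updated at any time, while another node (or nodes) that is not the primary node is activated to become the primary and provide the service; then what you need may not be an LVS but a high-availability setup, such as Linux-HA (the Linux heartbeat system), vrrp or carp.

If you want servers distributed across different regions, then what you need is a geographically distributed server solution such as Supersparrow.

Below are some RRD images showing load balancing (link: http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.monitoring_lvs.html#rrd_images)

The user tool ipvsadm and the schedulers are used to manage the LVS, to add realservers and to remove failed servers. LVS itself does not detect failure states; an external agent detects the failure state via ipvsadm and then updates the LVS state.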



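2.1. What is a VIP?

The IP that the director presents to clients is called the VIP (virtual IP). (When we use a firewall gateway (fwmark), the virtual IP is split into a group of real IPs, but the same principle as for a single IP still applies.) When a client connects to the virtual IP, the director forwards the client's packets to one realserver attached to the LVS. Connections are selected and managed by the director. The services provided by the realservers (such as FTP, HTTP, DNS, telnet, NNTP, smtp) are defined in /etc/services or inetd.conf. Through the director, the LVS presents only one IP (the virtual IP, VIP) to clients.

The VIP is the IP address of the "service group", not the IP address of a particular service provided by the system (such as the director and the realservers).

When a failure occurs, the VIP moves from the failed director to a backup director (usually with the help of mon and heartbeat, or a similar mechanism). A director can have multiple VIPs. Each VIP is assigned to one or more related servers; for example, you can have an HTTP/HTTPS load-balancing setup use one VIP and an FTP (or other) load-balancing setup use another VIP, so requests to these VIPs may be answered by different servers.

Any group of VIPs or ports can be set up with a firewall gateway.

The VIP configuration of the realservers is determined by the director (this includes handling the ARP problem).

If you use cookies or HTTPS, or want the servers to keep connection state information, this can cause problems with persistent connections. The way to handle this is described on the LVS persistence page (http://www.linuxvirtualserver.org/docs/persistence.html).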

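2.2. Where do you use an LVS?

      A. For higher throughput. In an LVS, the cost of increasing throughput by adding realservers is linear, whereas increasing throughput by buying a bigger and better machine costs more than linearly.

      B. To be prepared for contingencies. Individual machines can be taken out of the LVS, and upgraded or replaced, without affecting the service the whole system provides online. Machines can be moved gradually to a new location without affecting the service the system provides.

      C. For high adaptability. If throughput changes gradually (as new business builds up) or suddenly (a one-off event), the number of servers can be increased (or decreased), and the change is not noticeable to clients.

2.3. Client/Server relationship is preserved in an LVS

      A. The client sees only one IP address and believes it is connected to a single machine. The IPs of all the realservers map to the same IP (the VIP). Although the client believes it is connected to one machine, subsequent connections will in fact be assigned to a new, possibly different machine.

      B. The servers, which have different IP addresses, believe they are connected directly to the client.

[ This post was last edited by ysllyfe on 2008-10-15 09:22 ]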
《Solution》

Support.
:lol: :lol: :lol:
